8 matches found
EUVD-2020-29685
Malware in sbrugna...
CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
Authorization Bypass
github.com/istio/api is vulnerable to authorization bypass. The vulnerability exists as Istio improperly handles forwarded attributes, allowing it to accept x-istio-attributes header during ingress. When used with the Mixer Policy enabled, it can result in different policy decisions...
Unspecified Vulnerability in Istio
Istio is a set of open platforms for connecting, managing and securing microservices. A security vulnerability exists in Istio versions 1.3 through 1.3.6. An attacker can exploit the vulnerability by encoding the source.uid in the x-istio-attributes header to bypass the configured Mixer policy...
CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
Design/Logic Flaw
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
CVE-2020-8843
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...
CVE-2020-8843
CVE-2020-8843 affects Istio 1.3–1.3.6. The issue lets an attacker bypass a configured Mixer policy by abusing the x-istio-attributes header at ingress; exploitation requires encoding a source.uid in the header, which influences policy decisions when Mixer policy applies to ingress source. The vul...