Lucene search
K

4 matches found

OSV
OSV
added 2022/02/15 1:57 a.m.61 views

GHSA-82MM-FFJR-H86C Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. Specific Go...

6.8CVSS6.5AI score0.011EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.28 views

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. Specific Go...

6.8CVSS6.5AI score0.011EPSS
Exploits1References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.57 views

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

6.8CVSS4.2AI score0.011EPSS
Exploits1References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.27 views

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

6.8CVSS4.2AI score0.011EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder