Openshift Service Mesh@1.0 Security Vulnerabilities and Issues — Openshift Service Mesh@1.0 CVE List

Lucene search

RedhatOpenshift Service Mesh1.0

4 matches found

CVE•added 2020/03/04 9:15 p.m.•95 views

CVE-2020-8659

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

7.5CVSS7.4AI score0.01026EPSS

CVE•added 2020/04/27 9:15 p.m.•89 views

CVE-2020-1762

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Is...

8.6CVSS8.3AI score0.01304EPSS

CVE•added 2020/03/26 1:15 p.m.•84 views

CVE-2020-1764

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter ...

8.6CVSS8.5AI score0.05246EPSS

CVE•added 2020/02/12 3:15 p.m.•57 views

CVE-2020-8595

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. F...

7.5CVSS7.2AI score0.00842EPSS