
GHSA-6q5m-22mq-q2xv

Published: May 24, 2022
Source: github
Github: Reviewed
CVSS3: 6.5

Description

Istio Authorization Bypass Vulnerability

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

Packages

Name: istio.io/istio (go)
Affected versions: < 1.8.6
Fixed version: 1.8.6

Name: istio.io/istio (go)
Affected versions: >= 1.9.0, <= 1.9.4
Fixed version: 1.9.5

EPSS

Percentile: 41%
0.00191
Low

6.5 Medium

CVSS3

Weaknesses

CWE-863

Related vulnerabilities

CVSS3: 8.1
redhat
more than 4 years ago

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

CVSS3: 6.5
nvd
more than 4 years ago

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

oracle-oval
more than 4 years ago

ELSA-2021-9399: olcne security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9398: olcne security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9397: olcne security update (IMPORTANT)
