Vulnerabilities > Istio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-34824 | Unspecified vulnerability in Istio Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | 8.8 |
| 2021-06-02 | CVE-2021-31921 | Missing Authorization vulnerability in Istio Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration. | 9.8 |
| 2021-05-27 | CVE-2021-31920 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | 6.5 |
| 2021-01-29 | CVE-2019-25014 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. | 6.5 |
| 2020-10-01 | CVE-2020-16844 | Unspecified vulnerability in Istio In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. | 6.8 |
| 2020-06-02 | CVE-2020-10739 | NULL Pointer Dereference vulnerability in Istio Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. | 7.5 |
| 2020-04-15 | CVE-2020-11767 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. | 3.1 |
| 2020-02-14 | CVE-2020-8843 | Improper Input Validation vulnerability in Istio An issue was discovered in Istio 1.3 through 1.3.6. | 7.4 |
| 2020-02-12 | CVE-2020-8595 | Improper Authentication vulnerability in multiple products Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. | 7.3 |
| 2019-11-12 | CVE-2019-18817 | Infinite Loop vulnerability in Istio Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | 7.5 |