Vulnerabilities > Istio > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-24726 | Resource Exhaustion vulnerability in Istio. Istio is an open platform to connect, manage, and secure microservices. | network, low complexity, istio, CWE-400, 5.0 |
| 2022-01-19 | CVE-2022-21701 | Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1. Istio is an open platform to connect, manage, and secure microservices. | network, istio, CWE-863, 6.0 |
| 2021-06-29 | CVE-2021-34824 | Unspecified vulnerability in Istio. Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | network, low complexity, istio, 6.5 |
| 2021-06-02 | CVE-2021-31921 | Missing Authorization vulnerability in Istio. Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration. | network, istio, CWE-862, 6.8 |
| 2021-05-27 | CVE-2021-31920 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio. Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | network, low complexity, istio, CWE-706, 4.0 |
| 2021-01-29 | CVE-2019-25014 | NULL Pointer Dereference vulnerability in multiple products. A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. | network, low complexity, istio, redhat, CWE-476, 4.0 |
| 2020-10-01 | CVE-2020-16844 | Unspecified vulnerability in Istio. In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. | network, istio, 4.9 |
| 2020-02-14 | CVE-2020-8843 | Improper Input Validation vulnerability in Istio. An issue was discovered in Istio 1.3 through 1.3.6. | network, istio, CWE-20, 5.8 |
| 2019-11-12 | CVE-2019-18817 | Infinite Loop vulnerability in Istio. Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | network, low complexity, istio, CWE-835, 5.0 |
| 2019-08-13 | CVE-2019-14993 | Incorrect Regular Expression vulnerability in Istio. Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. | network, low complexity, istio, CWE-185, 5.0 |