Vulnerabilities > Istio > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-24726 | Resource Exhaustion vulnerability in Istio Istio is an open platform to connect, manage, and secure microservices. | 5.0 |
| 2022-01-19 | CVE-2022-21701 | Incorrect Authorization vulnerability in Istio 1.12.0/1.12.1 Istio is an open platform to connect, manage, and secure microservices. | 6.0 |
| 2021-06-29 | CVE-2021-34824 | Unspecified vulnerability in Istio Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. | 6.5 |
| 2021-06-02 | CVE-2021-31921 | Missing Authorization vulnerability in Istio Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration. | 6.8 |
| 2021-05-27 | CVE-2021-31920 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | 4.0 |
| 2021-01-29 | CVE-2019-25014 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. | 4.0 |
| 2020-10-01 | CVE-2020-16844 | Unspecified vulnerability in Istio In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. network istio | 4.9 |
| 2020-02-14 | CVE-2020-8843 | Improper Input Validation vulnerability in Istio An issue was discovered in Istio 1.3 through 1.3.6. | 5.8 |
| 2019-11-12 | CVE-2019-18817 | Infinite Loop vulnerability in Istio Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | 5.0 |
| 2019-08-13 | CVE-2019-14993 | Incorrect Regular Expression vulnerability in Istio Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. | 5.0 |