Vulnerabilities > Redhat > Openshift Service Mesh > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-3495 | Improper Preservation of Permissions vulnerability in multiple products An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. | 6.5 |
| 2021-01-29 | CVE-2019-25014 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. | 4.0 |
| 2020-04-27 | CVE-2020-1762 | Session Fixation vulnerability in multiple products An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration. | 8.6 |
| 2020-03-26 | CVE-2020-1764 | Use of Hard-coded Credentials vulnerability in multiple products A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. | 8.6 |
| 2020-03-04 | CVE-2020-8659 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. | 7.5 |
| 2020-02-17 | CVE-2020-1704 | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Service Mesh 1.0/1.0.7 An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. | 7.8 |
| 2020-02-12 | CVE-2020-8595 | Improper Authentication vulnerability in multiple products Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. | 7.5 |
| 2019-08-13 | CVE-2019-9518 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9517 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9516 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. | 6.5 |