Vulnerabilities > Redhat > Openshift Service Mesh > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2021-06-01 CVE-2021-3495 An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7.
network
low complexity
netlify redhat
8.8
2020-04-27 CVE-2020-1762 Session Fixation vulnerability in multiple products
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.
network
low complexity
kiali redhat CWE-384
8.6
2020-03-26 CVE-2020-1764 Use of Hard-coded Credentials vulnerability in multiple products
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1.
network
low complexity
kiali redhat CWE-798
8.6
2020-03-04 CVE-2020-8661 Resource Exhaustion vulnerability in multiple products
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
network
low complexity
cncf redhat CWE-400
7.5
2020-03-04 CVE-2020-8659 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e.
network
low complexity
cncf redhat debian CWE-770
7.5
2020-02-17 CVE-2020-1704 Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Service Mesh 1.0/1.0.7
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container.
local
low complexity
redhat CWE-732
7.8
2020-02-12 CVE-2020-8595 Improper Authentication vulnerability in multiple products
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass.
network
low complexity
istio redhat CWE-287
7.3
2019-08-13 CVE-2019-9518 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service.
7.5