Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XIstio
APPIstio< 1.27.81.28.0 – 1.28.5 (bez)1.29.0 – 1.29.1 (bez)
Powiązane podatności
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external clie...
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior...
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and t...
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed header...
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control...