Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.
AnalysisAI
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. Affected products include: Istio.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can acc
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connectio
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service
Istio 1.1.x through 1.1.6 has Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is no authent
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multi
Istio is an open platform to connect, manage, and secure microservices. Rated critical severity (CVSS 9.8), this vulnera
Authentication enforcement in Istio service mesh fails open: prior to 1.29.1, 1.28.5, and 1.27.8, when the JWKS resolver
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry c
Istio is an open platform to connect, manage, and secure microservices. Rated high severity (CVSS 7.5), this vulnerabili
Istio is an open platform to connect, manage, and secure microservices. Rated high severity (CVSS 7.5), this vulnerabili
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today