CVE-2021-31920
Published 2021-05-27
Priority P3 · 37 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.17% (63.7th percentile)
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| istio.io | istio | >= 0 < 1.8.6 | 1.8.6 |
| istio.io | istio | >= 1.9.0 < 1.9.5 | 1.9.5 |
| istio | istio | < 1.8.6 | 1.8.6 |
| istio | istio | >= 1.9.0 < 1.9.5 | 1.9.5 |
CVSS provenance
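| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_redhat | | 8.1 | HIGH | |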
Red Hat
istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms
vendor_redhat·2021-05-11·CVSS 8.1
CVE-2021-31920 [HIGH] CWE-863 istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
An authorization bypass flaw was found in Istio. This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path (such as %2F, %2f, %5C, or %5c), allowing them to bypass the authorization service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement: This CVE addresses the specific fixes required i
GHSA
Istio Authorization Bypass Vulnerability
ghsa·2022-05-24
CVE-2021-31920 [MEDIUM] CWE-863 Istio Authorization Bypass Vulnerability
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-05-27