CVE-2021-31920Use of Incorrectly-Resolved Name or Reference in Istio

CWE-706Use of Incorrectly-Resolved Name or ReferenceCWE-863Incorrect Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Istio.io IstioIstio
Timeline
PublishedMay 27
Latest updateMay 24

Description

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDistio/istio1.9.01.9.5+1
Goistio.io/istio1.9.01.9.5+1

🔴Vulnerability Details

1
GHSA
Istio Authorization Bypass Vulnerability2022-05-24

📋Vendor Advisories

1
Red Hat
istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms2021-05-11
CVE-2021-31920 — Istio.io Istio vulnerability | cvebase