CVE-2021-39156 — Incorrect Authorization in Istio

CWE-863 — Incorrect Authorization CWE-706 — Use of Incorrectly-Resolved Name or Reference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Istio.io Istio Istio

Timeline

PublishedAug 24

Latest updateAug 30

Description

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDistio/istio1.10.0 — 1.10.3+2

▶Goistio.io/istio1.10.0 — 1.10.4+2

▶CVEListV5istio/istio>= 1.10.0, < 1.10.4, >= 1.11.0, < 1.11.1+1

🔴Vulnerability Details

GHSA

Istio Fragments in Path May Lead to Authorization Policy Bypass↗2021-08-30

▶

OSV

Istio Fragments in Path May Lead to Authorization Policy Bypass↗2021-08-30

▶

📋Vendor Advisories

Red Hat

istio/istio: HTTP request with fragment in URI can bypass authorization mechanisms↗2021-08-24

▶