Known Vulnerabilities for products from Istio

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Istio".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs. Each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2022-24726 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-10 | 2022-03-18 |
| CVE-2022-23635 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-22 | 2023-07-13 |
| CVE-2022-21701 | Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to ... | 8.8 - HIGH | 2022-01-19 | 2022-01-27 |
| CVE-2022-21679 | Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 The authorization policy w... | 9.8 - CRITICAL | 2022-01-19 | 2022-01-27 |
| CVE-2021-39156 | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microserv... | 7.5 - HIGH | 2021-08-24 | 2023-11-07 |
| CVE-2021-39155 | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microserv... | 7.5 - HIGH | 2021-08-24 | 2021-08-31 |
| CVE-2021-34824 | Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the... | 8.8 - HIGH | 2021-06-29 | 2022-07-12 |
| CVE-2021-31921 | Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access u... | 9.8 - CRITICAL | 2021-06-02 | 2022-05-01 |
| CVE-2021-31920 | Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple s... | 6.5 - MEDIUM | 2021-05-27 | 2022-07-12 |
| CVE-2020-16844 | In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actio... | 6.8 - MEDIUM | 2020-10-01 | 2020-10-15 |
| CVE-2020-11767 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over H... | 3.1 - LOW | 2020-04-15 | 2021-07-21 |
| CVE-2020-10739 | Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by se... | 7.5 - HIGH | 2020-06-02 | 2023-11-07 |
| CVE-2020-8843 | An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically conf... | 7.4 - HIGH | 2020-02-14 | 2020-02-19 |
| CVE-2020-8595 | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Aut... | 7.3 - HIGH | 2020-02-12 | 2020-02-20 |
| CVE-2019-25014 | A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. I... | 6.5 - MEDIUM | 2021-01-29 | 2021-02-03 |
| CVE-2019-18836 | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection bei... | 7.5 - HIGH | 2019-11-11 | 2023-11-07 |
| CVE-2019-18817 | Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issu... | 7.5 - HIGH | 2019-11-12 | 2019-11-14 |
| CVE-2019-14993 | Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service durin... | 7.5 - HIGH | 2019-08-13 | 2019-08-16 |
| CVE-2019-12995 | Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related ... | 7.5 - HIGH | 2019-06-28 | 2020-08-24 |
| CVE-2019-12243 | Istio 1.1.x through 1.1.6 has Incorrect Access Control. | 7.5 - HIGH | 2019-06-05 | 2020-08-24 |

Known software with vulnerabilities from Istio

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Application | Istio | Istio | 0.1.0 |