Known Vulnerabilities for products from Istio
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Istio".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24726 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-10 | 2022-03-18 |
| CVE-2022-23635 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-22 | 2023-07-13 |
| CVE-2022-21701 | Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to ... | 8.8 - HIGH | 2022-01-19 | 2022-01-27 |
| CVE-2022-21679 | Istio is an open platform to connect, manage, and secure microservices. In Istio 1.12.0 and 1.12.1 the authorization policy w... | 9.8 - CRITICAL | 2022-01-19 | 2022-01-27 |
| CVE-2021-39156 | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microserv... | 7.5 - HIGH | 2021-08-24 | 2023-11-07 |
| CVE-2021-39155 | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microserv... | 7.5 - HIGH | 2021-08-24 | 2021-08-31 |
| CVE-2021-34824 | Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the... | 8.8 - HIGH | 2021-06-29 | 2022-07-12 |
| CVE-2021-31921 | Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access u... | 9.8 - CRITICAL | 2021-06-02 | 2022-05-01 |
| CVE-2021-31920 | Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple s... | 6.5 - MEDIUM | 2021-05-27 | 2022-07-12 |
| CVE-2020-16844 | In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actio... | 6.8 - MEDIUM | 2020-10-01 | 2020-10-15 |
| CVE-2020-11767 | Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over H... | 3.1 - LOW | 2020-04-15 | 2021-07-21 |
| CVE-2020-10739 | Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by se... | 7.5 - HIGH | 2020-06-02 | 2023-11-07 |
| CVE-2020-8843 | An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically conf... | 7.4 - HIGH | 2020-02-14 | 2020-02-19 |
| CVE-2020-8595 | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Aut... | 7.3 - HIGH | 2020-02-12 | 2020-02-20 |
| CVE-2019-25014 | A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. I... | 6.5 - MEDIUM | 2021-01-29 | 2021-02-03 |
| CVE-2019-18836 | Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection bei... | 7.5 - HIGH | 2019-11-11 | 2023-11-07 |
| CVE-2019-18817 | Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issu... | 7.5 - HIGH | 2019-11-12 | 2019-11-14 |
| CVE-2019-14993 | Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service durin... | 7.5 - HIGH | 2019-08-13 | 2019-08-16 |
| CVE-2019-12995 | Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related ... | 7.5 - HIGH | 2019-06-28 | 2020-08-24 |
| CVE-2019-12243 | Istio 1.1.x through 1.1.6 has Incorrect Access Control. | 7.5 - HIGH | 2019-06-05 | 2020-08-24 |
Known software with vulnerabilities from Istio
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Istio | Istio | 0.1.0 |