Incorrect Access Control in Istio 1.1.x Affecting the Istio Open Source Community
CVE-2019-12243

7.5 HIGH

Key Information:

Vendor: Istio

Status
Vendor
CVE Published: 5 June 2019

What is CVE-2019-12243?

Istio versions 1.1.0 through 1.1.6 contain incorrect access control, which may allow an unauthorized user to bypass security mechanisms. The issue shows why access to sensitive functions within the Istio service mesh must be restricted by correct security settings. Users are advised to review their access control policies and upgrade to a secure version.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
