Remote Access Vulnerability in Istio Gateway Configuration by Istio
CVE-2021-31921

9.8CRITICAL

Key Information:

Vendor: Istio
Status: Istio
Vendor: CVE Published:; 2 June 2021

What is CVE-2021-31921?

A vulnerability exists in Istio, affecting versions prior to 1.8.6 and 1.9.x before 1.9.5, which allows external clients to gain unauthorized access to unexpected services within the cluster. This occurs when the gateway is set to AUTO_PASSTHROUGH routing configuration, effectively bypassing essential authorization checks and potentially compromising the security and operational integrity of the affected services.

References

https://istio.io/latest/news/security/istio-security-2021...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2021
Vulnerability Reserved
Apr 30, 2021

CVE-2021-31921 Data

JSON