Authorization bypass in Istio



Published: 2021-05-25
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-31921
CVE-2021-31920
CWE-ID CWE-285
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Istio
Web applications / Other software

Vendor Istio

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Authorization

EUVDB-ID: #VU53523

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31921

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization procedure.

The vulnerability exists due to a logic issue when the istio gateway is configured with TLS mode `AUTO_PASSTHROUGH`. A remote non-authenticated attacker can bypass authorization checks and gain unauthorized access to services in the cluster.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Istio: 0.1 - 1.10.0


CPE2.3 External links

http://istio.io/latest/news/security/istio-security-2021-006/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Authorization

EUVDB-ID: #VU53524

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31920

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to improper input validation when processing HTTP request path with multiple slashes or escaped slash characters (%2F or %5C). A remote attacker can bypass Istio authorization policy when path based authorization rules are used.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Istio: 0.1 - 1.10.0


CPE2.3 External links

http://istio.io/latest/news/security/istio-security-2021-005/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###