First published: Thu Oct 01 2020
In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. `*-some-suffix`) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/istio.io/istio | >=1.6.0 <1.6.8 | 1.6.8 |
| go/istio.io/istio | >=1.5.0 <1.5.9 | 1.5.9 |
| Microsoft Windows Server 2022 | >=1.5.0 <=1.5.8 | |
| Microsoft Windows Server 2022 | >=1.6.0 <=1.6.7 | |
The severity of CVE-2020-16844 is medium with a CVSS score of 6.8.
To fix CVE-2020-16844, upgrade Istio to version 1.5.9 or 1.6.8, depending on the currently installed version.
Istio versions 1.5.0 through 1.5.8 and 1.6.0 through 1.6.7 are affected by CVE-2020-16844.
The CVE ID for this vulnerability is CVE-2020-16844.
The CWE of CVE-2020-16844 is CWE-284.