First published: Fri Feb 14 2020
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Istio Istio | >=1.3.0, <=1.3.6 | Upgrade to a version later than 1.3.6
The severity of CVE-2020-8843 is high.
CVE-2020-8843 affects Istio versions 1.3 through 1.3.6.
CVE-2020-8843 is a vulnerability in Istio where it is possible to bypass a specifically configured Mixer policy under certain circumstances.
CVE-2020-8843 can be exploited by supplying the x-istio-attributes header at ingress to affect policy decisions when a Mixer policy selectively applies to a source equal to ingress.
To fix CVE-2020-8843, upgrade Istio to a version beyond 1.3.6.