First published: Wed Jun 02 2021
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Istio Istio | <1.8.6 | Upgrade to 1.8.6 or later
Istio Istio | >=1.9.0, <1.9.5 | Upgrade to 1.9.5 or later
The vulnerability ID for this Istio vulnerability is CVE-2021-31921.
The severity of CVE-2021-31921 is critical.
CVE-2021-31921 affects Istio versions before 1.8.6 and 1.9.x before 1.9.5 where an external client can access unexpected services in the cluster, bypassing authorization checks.
An attacker can exploit CVE-2021-31921 as an external client of a gateway configured with AUTO_PASSTHROUGH routing: requests sent through that gateway can reach services in the cluster that were not meant to be exposed, bypassing the authorization checks that would normally apply.
Yes, fixes are available for CVE-2021-31921. Upgrade to Istio version 1.8.6 or higher, or 1.9.5 or higher to mitigate the vulnerability.
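The two conditions the advisory names (an affected Istio release and a Gateway server using AUTO_PASSTHROUGH) can be checked together. The script below is an added example, not SecAlerts' or the Istio project's code; the version ranges come from the advisory, the Gateway layout (`spec.servers[].tls.mode`) follows the Istio networking API, and the sample Gateway documents are constructed to mimic `kubectl get gateways -A -o json` output.

```python
"""Assess exposure to CVE-2021-31921: affected Istio version plus an
AUTO_PASSTHROUGH Gateway server (added example; constructed sample data)."""
import json
from typing import Iterable

# Affected ranges from the advisory: every release before 1.8.6, and 1.9.x before 1.9.5.
AFFECTED_RANGES = (
    ((0, 0, 0), (1, 8, 6)),
    ((1, 9, 0), (1, 9, 5)),
)

def parse_version(version: str) -> tuple:
    """Turn 'v1.9.3' or '1.9.3-rc.1' into a (major, minor, patch) tuple."""
    core = version.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)

def version_is_affected(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)

def auto_passthrough_servers(gateways: Iterable[dict]) -> list:
    """Return (namespace/name, port number) for every Gateway server in AUTO_PASSTHROUGH mode."""
    hits = []
    for gw in gateways:
        meta = gw.get("metadata", {})
        ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for server in gw.get("spec", {}).get("servers", []):
            if (server.get("tls") or {}).get("mode") == "AUTO_PASSTHROUGH":
                hits.append((ident, server.get("port", {}).get("number")))
    return hits

def assess(version: str, gateways: Iterable[dict]) -> dict:
    """Combine both checks; at_risk is only true when the version AND the config match."""
    exposed = auto_passthrough_servers(gateways)
    bad_version = version_is_affected(version)
    return {"vulnerable_version": bad_version, "auto_passthrough": exposed,
            "at_risk": bad_version and bool(exposed)}

# Constructed sample in the shape of `kubectl get gateways -A -o json`; not real cluster data.
SAMPLE_GATEWAYS = json.loads("""{"items": [
 {"metadata": {"name": "cross-network-gateway", "namespace": "istio-system"},
  "spec": {"servers": [{"port": {"number": 15443, "name": "tls", "protocol": "TLS"},
                        "hosts": ["*.local"], "tls": {"mode": "AUTO_PASSTHROUGH"}}]}},
 {"metadata": {"name": "web-gateway", "namespace": "default"},
  "spec": {"servers": [{"port": {"number": 443, "name": "https", "protocol": "HTTPS"},
                        "hosts": ["shop.example.com"], "tls": {"mode": "SIMPLE"}}]}}]}""")["items"]

if __name__ == "__main__":
    print(assess("1.9.3", SAMPLE_GATEWAYS))
```

Run it against the output of `istioctl version` and the real Gateway list; a hit on `at_risk` means the upgrade to 1.8.6 or 1.9.5 is the fix, not removing the Gateway.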