First published: Tue Jun 29 2021(Updated: )
Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Istio Istio | >=1.8.0<1.9.6 | |
Istio Istio | >=1.10.0<1.10.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Istio vulnerability is CVE-2021-34824.
CVE-2021-34824 has a severity rating of 8.8 (high).
Istio versions 1.8.x (1.8.0 to 1.9.5), 1.9.0-1.9.5, and 1.10.0-1.10.1 are affected by CVE-2021-34824.
CVE-2021-34824 allows unauthorized access to credentials specified in the Gateway and DestinationRule credentialName field in different namespaces.
To fix CVE-2021-34824, update Istio to version 1.9.6 or above for 1.8.x and 1.9.0-1.9.5, and update to version 1.10.2 or above for 1.10.0-1.10.1.