In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-01T16:32:38

Updated: 2024-08-04T13:45:34.406Z

Reserved: 2020-08-04T00:00:00

Link: CVE-2020-16844

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-01T17:15:13.150

Modified: 2024-11-21T05:07:15.150

Link: CVE-2020-16844

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-08-11T19:00:00Z

Links: CVE-2020-16844 - Bugzilla