Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing configuration.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-02T15:36:41

Updated: 2024-08-03T23:10:31.293Z

Reserved: 2021-04-30T00:00:00

Link: CVE-2021-31921

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-02T16:15:08.927

Modified: 2024-11-21T06:06:30.930

Link: CVE-2021-31921

cve-icon Redhat

Severity : Important

Publid Date: 2021-05-11T19:00:00Z

Links: CVE-2021-31921 - Bugzilla