CVSS Score: 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NĮnvoy contains a remotely exploitable vulnerability where an HTTP request with escaped slash characters can bypass Envoy’s authorization mechanisms.See the ISTIO-SECURITY-2021-005 bulletin for more details. Istio contains a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters ( %2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
0 Comments
Leave a Reply. |