ContextQMD
Back to Istio Io

ISTIO-SECURITY-2020-001

content/en/news/security/istio-security-2020-001/index.md

latest1.3 KB
Original Source

{{< security_bulletin >}}

Istio 1.3 to 1.3.7 and 1.4 to 1.4.3 are vulnerable to a newly discovered vulnerability affecting Authentication Policy:

  • CVE-2020-8595: A bug in Istio's Authentication Policy exact path matching logic allows unauthorized access to resources without a valid JWT token. This bug affects all versions of Istio that support JWT Authentication Policy with path based trigger rules. The logic for the exact path match in the Istio JWT filter includes query strings or fragments instead of stripping them off before matching. This means attackers can bypass the JWT validation by appending ? or # characters after the protected paths.

Mitigation

  • For Istio 1.3.x deployments: update to Istio 1.3.8 or later.
  • For Istio 1.4.x deployments: update to Istio 1.4.4 or later.

Credit

The Istio team would like to thank Aspen Mesh for the original bug report and code fix of CVE-2020-8595.

{{< boilerplate "security-vulnerability" >}}