CVE-2022-21701 Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 it is vulnerable to a privilege escalation attack

- CVE-2018-5683 - Kubernetes is vulnerable to a privilege escalation vulnerability. A malicious user with `RBAC.REST.Allow.AUTHITIZE` permission can create other objects that they may not have access to, such as `Pod`. This vulnerability impacts only an Alpha level feature, the Kubernetes API. This is not the same as the Istio API type (api.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Set `RBAC.REST.Allow.AUTHITIZE=false` environment variable in Istiod, set `RBAC.REST.Allow.CREATE_OBJECTS=false` in Istiod config, or remove `RBAC.REST.Allow.CREATE` permission from untrusted users.
- CVE-2018-9395 - There is a race condition in the way some Kubernetes components handle requests. An attacker could exploit this by using a custom set of requests to cause a denial of service. This vulnerability impacts only an Alpha level feature, the Kubernetes API. This is not the same as the Istio API type (api.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Set
