{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-27T04:03:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://istio.io/latest/news/security/istio-security-2021-005/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31920", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://istio.io/latest/news/security/istio-security-2021-005/", "refsource": "CONFIRM", "url": "https://istio.io/latest/news/security/istio-security-2021-005/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:10:31.275Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://istio.io/latest/news/security/istio-security-2021-005/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31920", "datePublished": "2021-05-27T04:03:31", "dateReserved": "2021-04-30T00:00:00", "dateUpdated": "2024-08-03T23:10:31.275Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD72BDF7-907A-407F-94BF-ACDB1F8FFAD1", "versionEndExcluding": "1.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF73EA19-5803-4F37-A250-1C8597A17FA1", "versionEndExcluding": "1.9.5", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used."}, {"lang": "es", "value": "Istio versiones anteriores a 1.8.6 y versiones 1.9.x anteriores a 1.9.5 presenta una vulnerabilidad explotable de forma remota en la que una ruta de petici\u00f3n HTTP con m\u00faltiples barras o caracteres de barra de escape (%2F o %5C) podr\u00eda omitir potencialmente una pol\u00edtica de autorizaci\u00f3n de Istio cuando las reglas de autorizaci\u00f3n basadas en la ruta son usadas"}], "id": "CVE-2021-31920", "lastModified": "2024-11-21T06:06:30.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-27T05:15:06.880", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://istio.io/latest/news/security/istio-security-2021-005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://istio.io/latest/news/security/istio-security-2021-005/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-706"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Istio Product Security Working Group for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:1540", "cpe": "cpe:/a:redhat:service_mesh:1.1::el8", "package": "servicemesh-0:1.1.14-1.el8", "product_name": "OpenShift Service Mesh 1.1", "release_date": "2021-05-11T00:00:00Z"}, {"advisory": "RHSA-2021:1538", "cpe": "cpe:/a:redhat:service_mesh:2.0::el8", "package": "servicemesh-0:2.0.4-1.el8", "product_name": "OpenShift Service Mesh 2.0", "release_date": "2021-05-11T00:00:00Z"}, {"advisory": "RHSA-2021:1538", "cpe": "cpe:/a:redhat:service_mesh:2.0::el8", "package": "servicemesh-operator-0:2.0.4-3.el8", "product_name": "OpenShift Service Mesh 2.0", "release_date": "2021-05-11T00:00:00Z"}], "bugzilla": {"description": "istio/istio: HTTP request with escaped slash characters can bypass authorization mechanisms", "id": "1959481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959481"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-863", "details": ["Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.", "An authorization bypass flaw was found in Istio. This flaw allows an attacker to craft an HTTP request that defines a certain pattern of escaped characters in the URI path (such as %2F, %2f, %5C, or %5c), allowing them to bypass the authorization service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-31920", "public_date": "2021-05-11T19:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-31920\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-31920\nhttps://istio.io/latest/news/security/istio-security-2021-005/"], "statement": "This CVE addresses the specific fixes required in istio to support the vulnerability found in envoyproxy/envoy, CVE-2021-29492.", "threat_severity": "Important"}