RSS   Vulnerabilities for 'Openshift service mesh'   RSS

2021-01-29
 
CVE-2019-25014

CWE-476
 

 
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).

 
2020-12-21
 
CVE-2020-27846

CWE-115
 

 
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

 
2020-04-27
 
CVE-2020-1762

CWE-384
 

 
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

 
2020-03-26
 
CVE-2020-1764

CWE-798
 

 
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

 

 >>> Vendor: Redhat 373 Products
Linux
Certificate server
Directory server
Sendmail
Openssl
Rsync
Tcpdump
Enterprise linux
Enterprise linux desktop
Linux powertools
Tmpwatch
Pam smb
Stronghold
Redhat package manager
Docbook stylesheets
Docbook utils
Libpng
Pre-execution environment
Interchange
Linux advanced workstation
Rhmask
LV
Analog real-time synthesizer
Kdebase
Kdelibs
Kdelibs devel
Kdelibs sound
Kdelibs sound devel
Wu ftpd
Daredevil skk
Ddskk-xemacs
Up2date
Kernel
Vsftpd
Bigmem kernel
Kernel doc
Kernel source
Sysstat
Gdk pixbuf
LHA
Fedora core
Linux desktop
Sysreport
JBPM
Desktop
Package manager
Jboss application server
Conga
Open iscsi
Cluster suite
Network satelite server
Fedora
Mcstrans
Cairo
Network satellite server
Cygwin
Enterprise linux desktop workstation
Fedora directory server
Nfs utils
Policykit
Desktop workstation
Fedora 8
Certificate system
KVM
Adminutil
Enterprise ipa
Freeipa
Jboss enterprise application platform
Initscripts
CMAN
dogtag certificate system
Libvirt
Cluster project
Gfs2-utils
Rgmanager
Dogtag certificate system
Enterprise mrg
Spacewalk-java
Enterprise virtualization
Qspice
Network satellite
Yum-rhn-plugin
Enterprise virtualization hypervisor
Enterprise virtualization manager
Jboss enterprise service bus
Jboss enterprise soa platform
LVM2
Evince
Spice-xpi
Spice-activex
LUCI
Icedtea
Jboss enterprise web platform
Jboss remoting
389 directory server
Libuser
Icedtea-web
Policycoreutils
Jboss seam 2 framework
Virtualization manager
See all Products for Vendor Redhat


Copyright 2024, cxsecurity.com

 

Back to Top