One Article Review
| Source |  Vuln GCP |
|---|---|
| Identifiant | 8296092 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-010 (Recyclage) |
| Texte | Description Description Severity Notes The following Istio CVE exposes Anthos Service Mesh to a remotely exploitable vulnerability: CVE-2022-24726: The Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017 but does not require any authentication from the attacker. For instructions and more details, see the following security bulletin: Anthos Service Mesh security bulletin. High CVE-2022-24726 |
| Envoyé | Oui |
| Condensat | 010 15017 2022 24726 24726: `istiod` allowing and anthos any attacker authentication bulletin bulletin: but cluster control crafted crashing cve description details does endpoint error exploitable exposed exposes following for from gcp high instructions istio malicious mesh message more not notes over plane port processing publicly remotely request require results security see sends served service severity specially that the this tls validating vulnerability: vulnerable webhook when which |
| Tags | |
| Stories | |
| Notes | ★★★ |
| Move | 
|
Les reprises de l'article (1):
| Source | Vuln GCP |
|---|---|
| Identifiant | 8296082 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-020 (Recyclage) |
| Texte | Published: 2022-10-05Updated: 2022-10-12Description Description Severity Notes The Istio control plane istiod is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For instructions and more details, see the Anthos Service Mesh security bulletin. High CVE-2022-39278 |
| Envoyé | Oui |
| Condensat | 020 05updated: 12description 15017 2022 39278 allowing and anthos any attacker authentication bulletin but cluster control crafted crashing cve description details does endpoint error exposed for from gcp high instructions istio istiod malicious mesh message more not notes over plane port processing publicly published: request require results security see sends served service severity specially that the this tls validating vulnerable webhook when which |
| Tags | |
| Stories | |
| Notes | ★★★ |
| Move |
|
L'article ressemble à 1 autre(s) article(s):
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
|
2022-12-21 17:12:56 | (Déjà vu) GCP-2022-020 (lien direct) | Published: 2022-10-05Updated: 2022-10-12Description Description Severity Notes The Istio control plane istiod is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For instructions and more details, see the Anthos Service Mesh security bulletin. High CVE-2022-39278 | ★★★ |