Source |
Vuln GCP |
Identifier |
8296095 |
Publication date |
2022-12-21 17:12:56 (seen: 2022-12-30 21:12:37) |
Title |
GCP-2022-007 |
Text |
Published:

Description:
The following Envoy and Istio CVEs expose Anthos Service Mesh and Istio on GKE to remotely exploitable vulnerabilities:
CVE-2022-23635: Istiod crashes upon receiving requests with a specially crafted authorization header.
CVE-2021-43824: Potential null pointer dereference when using JWT filter safe_regex match.
CVE-2021-43825: Use-after-free when response filters increase response data, and increased data exceeds downstream buffer limits.
CVE-2021-43826: Use-after-free when tunneling TCP over HTTP, if downstream disconnects during upstream connection establishment.
CVE-2022-21654: Incorrect configuration handling allows mTLS session re-use without re-validation after validation settings have changed.
CVE-2022-21655: Incorrect handling of internal redirects to routes with a direct response entry.
CVE-2022-23606: Stack exhaustion when a cluster is deleted via Cluster Discovery Service.

For instructions and more details, see the following security bulletins:
Anthos Service Mesh security bulletin.
Istio on GKE security bulletin.

Severity:
High

Notes:
CVE-2022-23635
CVE-2021-43824
CVE-2021-43825
CVE-2021-43826
CVE-2022-21654
CVE-2022-21655
CVE-2022-23606
|
Notes |
★★★
|
Sent |
Yes |