Security Advisory

CVE-2020-16844

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-01 16:32:38

Last updated 2024-08-04 13:45:34

Assigner mitre

State PUBLISHED

Description

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.

← Browse all CVEs View on cve.org ↗