Vulnerability Description
In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
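As an added audit example (not code from the Istio project or the advisory), the check below scans an AuthorizationPolicy, embedded here as a constructed Python dict in the shape of the Istio API, for DENY rules whose source principals or namespaces use a leading-wildcard suffix, and compares an Istio version against the affected ranges stated in the description; the function names and the sample policy are assumptions of this example.

```python
# Added audit example (not Istio project code): flag DENY AuthorizationPolicy
# rules whose source.principals / source.namespaces use a wildcard-suffix
# pattern such as "*-some-suffix", which CVE-2020-16844 says never matched
# (so never denied) on Istio 1.5.0-1.5.8 and 1.6.0-1.6.7.
from typing import Dict, List, Tuple

# Affected ranges as stated in the vulnerability description.
AFFECTED_RANGES = [((1, 5, 0), (1, 5, 8)), ((1, 6, 0), (1, 6, 7))]


def is_affected_version(version: str) -> bool:
    """True if an Istio version string like '1.6.3' falls in an affected range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return any(lo <= parts <= hi for lo, hi in AFFECTED_RANGES)


def is_wildcard_suffix(value: str) -> bool:
    """'*-some-suffix' style matcher: leading '*' followed by a non-empty suffix."""
    return value.startswith("*") and len(value) > 1


def find_ineffective_deny_matchers(policy: Dict) -> List[Tuple[str, str]]:
    """Return (field, value) pairs in DENY rules that never deny on affected versions."""
    spec = policy.get("spec", {})
    if spec.get("action") != "DENY":
        return []  # only DENY policies are affected by this bug
    findings = []
    for rule in spec.get("rules", []):
        for frm in rule.get("from", []):
            source = frm.get("source", {})
            for field in ("principals", "namespaces"):
                for value in source.get(field, []):
                    if is_wildcard_suffix(value):
                        findings.append((f"source.{field}", value))
    return findings


# Constructed sample policy (hypothetical) in the shape of the Istio AuthorizationPolicy API.
SAMPLE_POLICY = {
    "apiVersion": "security.istio.io/v1beta1",
    "kind": "AuthorizationPolicy",
    "metadata": {"name": "deny-legacy-callers", "namespace": "default"},
    "spec": {
        "action": "DENY",
        "rules": [{"from": [{"source": {
            "principals": ["*-some-suffix", "cluster.local/ns/default/sa/bob"],
            "namespaces": ["*-legacy"],
        }}]}],
    },
}

if __name__ == "__main__":
    if is_affected_version("1.6.3"):
        for field, value in find_ineffective_deny_matchers(SAMPLE_POLICY):
            print(f"DENY matcher {field}={value!r} will never deny on affected Istio")
```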
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Istio | Istio | >= 1.5.0, <= 1.5.8 |
References
- https://github.com/istio/istio/releases (Vendor Advisory)
- https://istio.io/latest/news/security/istio-security-2020-009/ (Exploit, Mitigation, Vendor Advisory)
FAQ
What is CVE-2020-16844?
CVE-2020-16844 is a vulnerability with a CVSS score of 6.8 (MEDIUM). In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or na...
How severe is CVE-2020-16844?
CVE-2020-16844 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-16844?
Check the references section above for vendor advisories and patch information. Affected products include: Istio (vendor: Istio).