Cross-Namespace Credential Exposure in Istio Gateway and DestinationRule

Cross-Namespace Credential Exposure in Istio Gateway and DestinationRule

CVE-2021-34824 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.

Learn more about our Web Application Penetration Testing UK.