CVE-2020-8843 - OpenCVE

An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Istio	Istio

Configuration 1 [-]

cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/istio/istio/commits/master
https://istio.io/news/security/
https://istio.io/news/security/istio-security-2020-002/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-14T18:45:19

Updated: 2024-08-04T10:12:10.957Z

Reserved: 2020-02-10T00:00:00

Link: CVE-2020-8843

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-14T19:15:10.683

Modified: 2020-02-19T16:16:00.003

Link: CVE-2020-8843

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-14T18:45:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/istio/istio/commits/master"}, {"tags": ["x_refsource_MISC"], "url": "https://istio.io/news/security/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://istio.io/news/security/istio-security-2020-002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8843", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/istio/istio/commits/master", "refsource": "MISC", "url": "https://github.com/istio/istio/commits/master"}, {"name": "https://istio.io/news/security/", "refsource": "MISC", "url": "https://istio.io/news/security/"}, {"name": "https://istio.io/news/security/istio-security-2020-002/", "refsource": "CONFIRM", "url": "https://istio.io/news/security/istio-security-2020-002/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:12:10.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/istio/istio/commits/master"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://istio.io/news/security/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://istio.io/news/security/istio-security-2020-002/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8843", "datePublished": "2020-02-14T18:45:19", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-08-04T10:12:10.957Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "matchCriteriaId": "A63CAC85-C108-4980-ABE3-6FED91D2ABA5", "versionEndIncluding": "1.3.6", "versionStartIncluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Istio versiones 1.3 hasta 1.3.6. En determinadas circunstancias, es posible omitir una pol\u00edtica Mixer configurada espec\u00edficamente. Istio-proxy acepta el encabezado x-istio-attributes en la entrada que puede ser usado para afectar las decisiones de la pol\u00edtica cuando la pol\u00edtica Mixer se aplica selectivamente a una fuente igual a la entrada. Para explotar esta vulnerabilidad, alguien tiene que codificar un archivo source.uid en este encabezado. Esta funcionalidad est\u00e1 deshabilitada por defecto en Istio versiones 1.3 y 1.4."}], "id": "CVE-2020-8843", "lastModified": "2020-02-19T16:16:00.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-14T19:15:10.683", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/istio/istio/commits/master"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://istio.io/news/security/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://istio.io/news/security/istio-security-2020-002/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}