ISTIO-SECURITY-2020-010

Security Bulletin

Disclosure Details
CVE(s): CVE-2020-25017
CVSS Impact Score: 8.3 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected Releases: 1.6 to 1.6.10; 1.7 to 1.7.2

Envoy, and subsequently Istio, is vulnerable to a newly discovered vulnerability:

Mitigation

  • For Istio 1.6.x deployments: update to Istio 1.6.11 or later.
  • For Istio 1.7.x deployments: update to Istio 1.7.3 or later.

Reporting vulnerabilities

We’d like to remind our community to follow the vulnerability reporting process to report any bug that can result in a security vulnerability.
