How severe is CVE-2021-39156?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-39156?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2021-39156 - HIGH Severity | CVSS 7.5

Vulnerability Description

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with `#fragment` in the path may bypass Istio’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize the path.

Related Vulnerabilities

CVE-2006-6679

HIGH

CVSS:7.5(High)

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by sp...

CWE-8632006

CVE-2008-4577

HIGH

CVSS:7.5(High)

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

CWE-8632008

CVE-2009-3723

HIGH

CVSS:7.5(High)

asterisk allows calls on prohibited networks

CWE-8632009

CVE-2011-2726

HIGH

CVSS:7.5(High)

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual...

CWE-8632011

CVE-2012-2238

HIGH

CVSS:7.5(High)

trytond 2.4: ModelView.button fails to validate authorization

CWE-8632012

CVE-2012-3822

HIGH

CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.

CWE-8632012