CVE-2019-12243 Istio improper internet access control vulnerability (Jun 2019)

Preface: Independent deployability is the strongest feature of microservices. Docker is one of the technology vendors keen to develop microservices.

What is Istio? An open platform to connect, manage, and secure microservices. Istio is easy to deploy. Users merely install a proxy (sidecar proxy) and complete the configuration.

Vulnerability details: The vulnerability affects the TCP Authorization feature. A vulnerability in Istio could allow an unauthenticated, adjacent attacker to gain unauthorized access to a targeted system. Per the vendor announcement, a self-diagnosis check shows whether you are vulnerable to this bug. For details, refer to the following.

Check the status of policy enforcement for your mesh with the following command:

$ kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" | grep disablePolicyChecks

If the output shows that disablePolicyChecks is set to true, your mesh is not affected by this vulnerability.
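
A bare grep also matches a commented-out line, so the check above can be misread. The following is an added example, not code from the vendor or from the original post: a shell function that classifies the mesh config text on stdin. The function names, result labels and sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Reads mesh config YAML on stdin and prints:
#   not-affected  disablePolicyChecks is true (the condition stated above)
#   review        disablePolicyChecks is false, so the condition is not met
#   unknown       no active disablePolicyChecks key in the output
classify_policy_checks() {
    # Strip YAML comments first, then take the last active value of the key.
    value=$(sed -e 's/[[:space:]]*#.*$//' \
        | sed -n 's/^[[:space:]]*disablePolicyChecks[[:space:]]*:[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        | tr -d "\"'" | tr '[:upper:]' '[:lower:]' | tail -n 1)
    case "$value" in
        true)  echo "not-affected" ;;
        false) echo "review" ;;
        *)     echo "unknown" ;;
    esac
}

# Live use: feed the classifier with the same kubectl query as the check above.
# Not called here, so the example runs without a cluster.
check_mesh() {
    kubectl -n istio-system get cm istio -o jsonpath="{@.data.mesh}" \
        | classify_policy_checks
}

# Constructed sample inputs (not taken from a real cluster).
sample_disabled='# Mixer policy settings
disablePolicyChecks: true
enableTracing: true'

sample_commented='# disablePolicyChecks: true
disablePolicyChecks: false'

sample_missing='enableTracing: true'

for name in disabled commented missing; do
    eval "cfg=\$sample_$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$cfg" | classify_policy_checks)"
done
```

A result of review or unknown means the not-affected condition was not confirmed, in which case the vendor update is the next step.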

The vendor released software updates at the following link: https://istio.io/about/notes/1.1.7/
