In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| istio.io/istio(Go) | 1.5.0 | 1.5.9 | N/A |
| istio.io/istio(Go) | 1.6.0 | 1.6.8 | N/A |
CVSS Metrics
