漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.
Vulnerability Description
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Istio 信息泄露漏洞
Vulnerability Description
Istio是Istio开源的一套连接、管理和保护微服务的开放平台。 Istio 1.29.1之前版本、1.28.5之前版本和1.27.8之前版本存在信息泄露漏洞,该漏洞源于JWKS解析器不可用或获取失败时暴露硬编码默认值,可能导致安全配置失效。
CVSS Information
N/A
Vulnerability Type
N/A