Istio · Istio · CVE-2020-8843
**Name of the Vulnerable Software and Affected Versions**
Istio versions 1.3 through 1.3.6
**Description**
An issue allows bypassing a specifically configured Mixer policy under certain circumstances. The Istio-proxy accepts the `x-istio-attributes` header at ingress, which can affect policy decisions when Mixer policy selectively applies to a source equal to ingress. Exploitation requires encoding a `source.uid` in this header. This feature is disabled by default in Istio 1.3 and 1.4.
**Recommendations**
For Istio versions 1.3 through 1.3.6, consider disabling the feature that accepts the `x-istio-attributes` header at ingress to prevent policy bypass until a patch is available.