PT-2019-12713 · Istio · Istio

Haim Helman · Published 2019-06-05 · Updated 2022-02-15 · CVE-2019-12243

CVSS v3.1: 7.5 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Istio versions 1.1.x through 1.1.6

Description: The issue is related to Incorrect Access Control. When the disablePolicyChecks variable is set to false, inbound TCP connections do not generate Check requests to istio-policy, so external authorization is not applied. This behavior is a result of a change to the istio/pilot/pkg/networking/plugin/mixer/mixer.go file in version 1.1.

Recommendations: For Istio versions 1.1.x through 1.1.6, as a temporary workaround, consider setting disablePolicyChecks to true to ensure that inbound TCP connections generate Check requests to istio-policy and external authorization is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
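As an added triage example (not part of this advisory or of Istio's own code), the following Python classifies a mesh against the two conditions the advisory names: an Istio version in 1.1.0 through 1.1.6 and disablePolicyChecks set to false. The mesh config text is a constructed sample; reading it from the `mesh` key of the `istio` configmap in `istio-system` is an assumption about where an operator would obtain it.

```python
import re
from typing import Optional

# Constructed sample of mesh config YAML (assumed source: `kubectl -n istio-system
# get configmap istio -o jsonpath='{.data.mesh}'`); values are illustrative only.
SAMPLE_MESH_CONFIG = """\
# Set the following variable to true to disable policy checks by the Mixer.
disablePolicyChecks: false
policyCheckFailOpen: false
mixerCheckServer: istio-policy.istio-system.svc.cluster.local:9091
"""

AFFECTED_RANGE = ((1, 1, 0), (1, 1, 6))  # Istio 1.1.x through 1.1.6 per the advisory


def parse_version(version: str) -> Optional[tuple]:
    """Parse strings such as '1.1.5' or 'v1.1.6-2-gabc' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def policy_checks_disabled(mesh_config: str) -> Optional[bool]:
    """Read the top-level disablePolicyChecks flag from mesh config text; None if absent."""
    for line in mesh_config.splitlines():
        line = line.split("#", 1)[0].strip()  # drop YAML comments
        m = re.match(r"disablePolicyChecks\s*:\s*(true|false)\s*$", line, re.IGNORECASE)
        if m:
            return m.group(1).lower() == "true"
    return None


def assess(version: str, mesh_config: str) -> str:
    """Classify a mesh against CVE-2019-12243: affected version plus policy checks enabled."""
    v = parse_version(version)
    if v is None:
        return "unknown: could not parse Istio version"
    lo, hi = AFFECTED_RANGE
    if not (lo <= v <= hi):
        return "not in affected range"
    disabled = policy_checks_disabled(mesh_config)
    if disabled is None:
        return "affected version; disablePolicyChecks not found, inspect mesh config manually"
    if disabled:
        return "affected version, but policy checks are disabled mesh-wide; TCP-specific bypass does not apply"
    return "EXPOSED: policy checks enabled, but inbound TCP connections bypass istio-policy Check requests"


if __name__ == "__main__":
    print(assess("1.1.5", SAMPLE_MESH_CONFIG))
```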

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2019-12243
GHSA-6G5F-F5PM-MJRG

Affected Products

Istio