CVE-2021-31921

Name of the Vulnerable Software and Affected Versions: Istio versions 1.8.0 through 1.8.6 Istio versions 1.9.0 through 1.9.5

Description: The issue allows an external client to access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO PASSTHROUGH routing configuration. This can be exploited remotely.

Recommendations: For Istio versions 1.8.0 through 1.8.6, update to version 1.8.6 or later. For Istio versions 1.9.0 through 1.9.5, update to version 1.9.5 or later. As a temporary workaround, consider changing the gateway routing configuration from AUTO PASSTHROUGH to a more restrictive setting to minimize the risk of exploitation.