In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Istio | Istio | 1.5.0 | 1.5.8 |
Istio | Istio | 1.6.0 | 1.6.7 |