ISTIO-SECURITY-2020-005

Denial of service affecting telemetry v2.

May 12, 2020

Disclosure Details
CVE(s): CVE-2020-10739
CVSS Impact Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Releases: 1.4 to 1.4.8, 1.5 to 1.5.3

Istio 1.4 with telemetry v2 enabled and Istio 1.5 contain the following vulnerability when telemetry v2 is enabled:

Mitigation

$ istioctl manifest apply --set values.telemetry.v2.enabled=false

Credit

We’d like to thank Joren Zandstra for the original bug report.

Reporting vulnerabilities

We’d like to remind our community to follow the vulnerability reporting process to report any bug that can result in a security vulnerability.