{"vulnerability": "CVE-2020-16844", "sightings": [{"uuid": "33c1eeb9-a474-4029-9d24-03da95b4e955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16844", "type": "seen", "source": "https://t.me/cibsecurity/14992", "content": "\u203c CVE-2020-16844 \u203c\n\nIn Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-01T20:53:10.000000Z"}, {"uuid": "04790213-31d5-4775-bdf8-80e3f796f6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16844", "type": "seen", "source": "https://gist.github.com/ferasdour/504aa49686f8e64564249de44cd5eab2", "content": "", "creation_timestamp": "2025-07-25T01:12:22.000000Z"}]}