An SSRF protection bypass exists in Istio's Wasm OCI image fetcher because hostnames in Bearer realm URLs are insufficiently validated. When the fetcher pulls a Wasm module from an OCI registry and receives a `WWW-Authenticate: Bearer realm="..."` challenge, it requests a token from the realm URL, which is supplied by the registry response and is therefore controlled by whoever controls the registry. `validateRealmURL` is meant to keep that token request from reaching internal targets, but it accepts cluster-internal hostnames such as `kubernetes.default.svc` (the in-cluster DNS name of the Kubernetes API server), so a malicious registry can redirect the request to internal cluster resources.
| Vendor | Product | Versions |
|---|---|---|
| istio | wasm oci image fetcher | 1.29.1, 1.29.2, 1.29.3, 1.29.4, 1.29.5, 1.30.0, 1.30.1, 1.30.2, master (2b217d65b4) |
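The check below is an added example written for this page, not Istio's code and not its actual `validateRealmURL`. It contrasts a hypothetical weak validator that only inspects literal IP addresses (the class of bug the advisory describes) with a hardened one that also rejects cluster-local hostnames and resolves remaining names before checking each returned address. The function names, the suffix list and the `demoResolver` DNS table are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Resolver is injected so the check runs offline; production code passes net.LookupIP.
type Resolver func(host string) ([]net.IP, error)

// isInternalIP: loopback, link-local (covers the 169.254.169.254 metadata address),
// RFC 1918 / IPv6 ULA private space, unspecified and multicast ranges.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast()
}

// isClusterLocalHostname rejects names that only resolve inside a cluster or VM:
// "localhost", single-label names such as "kubernetes" (completed by the pod's DNS
// search path) and the *.svc, *.cluster.local and *.internal suffixes. The trailing
// dot is stripped so "kubernetes.default.svc." cannot slip past the suffix check.
func isClusterLocalHostname(host string) bool {
	h := strings.TrimSuffix(strings.ToLower(host), ".")
	if h == "localhost" || !strings.Contains(h, ".") {
		return true
	}
	for _, suffix := range []string{".svc", ".cluster.local", ".internal"} {
		if strings.HasSuffix(h, suffix) {
			return true
		}
	}
	return false
}

// validateRealmURLWeak (hypothetical, for contrast) only examines literal IPs, so a
// hostname such as kubernetes.default.svc passes and is resolved internally later.
func validateRealmURLWeak(realm string) error {
	u, err := url.Parse(realm)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(u.Hostname()); ip != nil && isInternalIP(ip) {
		return fmt.Errorf("realm host %s is an internal address", u.Hostname())
	}
	return nil
}

// validateRealmURLHardened requires https, rejects internal literal IPs and
// cluster-local names, and checks every address a remaining hostname resolves to.
func validateRealmURLHardened(realm string, resolve Resolver) error {
	u, err := url.Parse(realm)
	if err != nil {
		return fmt.Errorf("realm is not a valid URL: %w", err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("realm scheme %q is not https", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("realm has no host")
	}
	if ip := net.ParseIP(host); ip != nil {
		if isInternalIP(ip) {
			return fmt.Errorf("realm host %s is an internal address", host)
		}
		return nil
	}
	if isClusterLocalHostname(host) {
		return fmt.Errorf("realm host %s is a cluster-local name", host)
	}
	ips, err := resolve(host)
	if err != nil || len(ips) == 0 {
		return fmt.Errorf("realm host %s did not resolve: %v", host, err)
	}
	for _, ip := range ips {
		if isInternalIP(ip) {
			return fmt.Errorf("realm host %s resolves to internal address %s", host, ip)
		}
	}
	return nil
}

// demoResolver is a constructed offline DNS table: one public registry auth host and
// one attacker-chosen name whose answers include a cluster-internal address.
func demoResolver(host string) ([]net.IP, error) {
	table := map[string][]net.IP{
		"auth.registry.example.com":   {net.ParseIP("203.0.113.10")},
		"rebind.attacker.example.com": {net.ParseIP("203.0.113.11"), net.ParseIP("10.96.0.1")},
	}
	if ips, ok := table[strings.ToLower(host)]; ok {
		return ips, nil
	}
	return nil, fmt.Errorf("no such host: %s", host)
}

func main() {
	for _, r := range []string{
		"https://auth.registry.example.com/token",
		"https://kubernetes.default.svc/api/v1/namespaces/istio-system/secrets",
		"https://kubernetes.default.svc./token",
		"https://10.96.0.1/token",
		"https://rebind.attacker.example.com/token",
	} {
		fmt.Printf("%-72s weak=%v\n%-72s hardened=%v\n", r, validateRealmURLWeak(r), "", validateRealmURLHardened(r, demoResolver))
	}
}
```

Resolving in the validator and then letting the HTTP client resolve again leaves a DNS rebinding window, so a real client should pin the checked addresses into the transport's dialer (or repeat the address check inside `DialContext`) so the connection goes to the IP that was validated. A denylist like this one is a fallback; where the deployment allows it, an allowlist of expected registry auth hosts is the stronger control.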
Updated exploit availability to true, marked as actively exploited, and added new tag '0-day'.
Initial creation