[master] CVE 1.15.3 (#12209)

* Add information about CVE affecting 1.15.2

* Fix linting issues

* sort

Co-authored-by: Jacob Delgado <jacob.delgado@volunteers.acasi.info>

.spelling

@@ -305,6 +305,7 @@ CVE-2022-29227
 CVE-2022-29228
 CVE-2022-31045
 CVE-2022-39278
+CVE-2022-39388
 CVE-2022-41715
 cves
 CVEs

content/en/docs/releases/supported-releases/index.md

@@ -78,7 +78,7 @@ Please keep up-to-date and use a supported version.
 
 | Minor Releases   | Patched versions with no known CVEs           |
 |------------------|-----------------------------------------------|
-| 1.15.x           | 1.15.2+                                       |
+| 1.15.x           | 1.15.3+                                       |
 | 1.14.x           | 1.14.5+                                       |
 | 1.13.x           | 1.13.9+                                       |
 | 1.12 and earlier | None, all versions have known vulnerabilities |

content/en/news/security/istio-security-2022-008/index.md

@@ -0,0 +1,27 @@
+---
+title: ISTIO-SECURITY-2022-008
+subtitle: Security Bulletin
+description: Identity impersonation if user has localhost access.
+cves: [CVE-2022-39388]
+cvss: "7.6"
+vector: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
+releases: ["1.15.2"]
+publishdate: 2022-11-09
+keywords: [CVE]
+skip_seealso: true
+---
+
+{{< security_bulletin >}}
+
+## CVE
+
+### CVE-2022-39388
+
+- __[CVE-2022-39388](https://github.com/istio/istio/security/advisories/GHSA-6c6p-h79f-g6p4)__:
+  (CVSS Score 7.6, High): Identity impersonation if user has localhost access.
+
+User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.
+
+## Am I Impacted?
+
+You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.