istio.io/content/en/news/security/istio-security-2022-008/index.md


| title | subtitle | description | cves | cvss | vector | releases | publishdate | keywords | skip_seealso |
|---|---|---|---|---|---|---|---|---|---|
| ISTIO-SECURITY-2022-008 | Security Bulletin | Identity impersonation if user has localhost access. | CVE-2022-39388 | 7.6 | AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N | 1.15.2 | 2022-11-09 | CVE | true |

{{< security_bulletin >}}

CVE

CVE-2022-39388

  • CVE-2022-39388: (CVSS Score 7.6, High): Identity impersonation if user has localhost access.

A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.

Am I Impacted?

You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.
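
One way to check the first condition above, as an added example that is not part of the bulletin or the Istio project: the script flags Istiod pods whose image tag is the release listed here. It assumes the default `app=istiod` pod label and that the image tag reflects the running version; `image_tag`, `is_affected_image` and `report_affected` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: flag Istiod images that carry the release named in this bulletin.
AFFECTED_VERSION="1.15.2"   # from the bulletin's "releases" field

# Print the tag of an image reference such as
# docker.io/istio/pilot:1.15.2-distroless or host:5000/istio/pilot:1.15.2@sha256:...
image_tag() {
  local ref="${1%%@*}"      # drop a trailing @sha256:... digest
  local last="${ref##*/}"   # last path component, so a registry port is not read as a tag
  case "$last" in
    *:*) printf '%s\n' "${last##*:}" ;;
    *)   printf '\n' ;;      # untagged or digest-only reference
  esac
}

# Return 0 when the tag is the affected release, with or without a
# variant suffix such as -distroless; return 1 otherwise.
is_affected_image() {
  local tag
  tag="$(image_tag "$1")"
  case "$tag" in
    "$AFFECTED_VERSION"|"$AFFECTED_VERSION"-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read "namespace/pod image" lines on stdin and print the affected ones.
# Returns 0 if at least one affected image was seen, 1 if none.
report_affected() {
  local found=1 owner image
  while read -r owner image; do
    [ -n "$image" ] || continue
    if is_affected_image "$image"; then
      echo "AFFECTED  $owner  $image"
      found=0
    elif [ -z "$(image_tag "$image")" ]; then
      echo "UNKNOWN   $owner  $image (no tag, check the version manually)"
    fi
  done
  return "$found"
}

# Live check against the current kubectl context (assumes label app=istiod).
if [ "${1:-}" = "--live" ]; then
  kubectl get pods -A -l app=istiod \
    -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}' \
    | report_affected
fi
```

Run it with `--live` to query the cluster. The second condition, who has access to the machine where Istiod is running, still has to be reviewed separately.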