Identity impersonation if user has localhost access.
|CVSS Impact Score||7.6 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N|
- CVE-2022-39388: (CVSS Score 7.6, High): Identity impersonation if user has localhost access.
User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.
Am I Impacted?
You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.