ISTIO-SECURITY-2022-008
Identity impersonation if user has localhost access.
| Disclosure Details | |
|---|---|
| CVE(s) | CVE-2022-39388 |
| CVSS Impact Score | 7.6 AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N |
| Affected Releases | 1.15.2 |
CVE
CVE-2022-39388
- CVE-2022-39388: (CVSS Score 7.6, High): Identity impersonation if user has localhost access.
User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.
Am I Impacted?
You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.