Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-11-10T00:00:00
Updated: 2024-08-03T12:07:41.233Z
Reserved: 2022-09-02T00:00:00
Link: CVE-2022-39388
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-10T20:15:10.587
Modified: 2024-11-21T07:18:11.550
Link: CVE-2022-39388
Redhat
No data.