CVE-2022-39388: Identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.


High

howardjohn published GHSA-6c6p-h79f-g6p4

Nov 9, 2022

Description

Impact

A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.

Patches

1.15.3

Workarounds

None. If you are using 1.15.2, please upgrade to 1.15.3 or later.

References

None at this time.

For more information

If you have any questions or comments about this advisory, please email us at [email protected]

Severity

CVSS base metrics

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
