
ISTIO-SECURITY-2022-008


{{< security_bulletin >}}

CVE

CVE-2022-39388

  • CVE-2022-39388 (CVSS Score 7.6, High): Identity impersonation if a user has localhost access.

A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.

Am I Impacted?

You are at most risk if you are running Istio 1.15.2 and users have access to the machine where Istiod is running.