High severity · NVD Advisory · Published Nov 10, 2022 · Updated Apr 23, 2025

Istio may allow identity impersonation if user has localhost access

CVE-2022-39388

Description

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| github.com/istio/istio (Go) | >= 1.15.0-beta.0, < 1.15.3 | 1.15.3 |
