Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:NIstio
APPIstio1.15.0 – 1.15.2
Related vulnerabilities
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external clie...
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a...
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and t...
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed header...
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control...