CVE-2022-39388

LOW Year: 2022
CVSS v3 Score
3.5
Low
Weakness Type
CWE-863
View all →

Vulnerability Description

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.

Related Vulnerabilities

CVE-2022-3582

LOW
CVSS:3.5(Low)

A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation o...

CWE-8632022

CVE-2023-3511

LOW
CVSS:3.5(Low)

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was ...

CWE-8632023

CVE-2023-3613

LOW
CVSS:3.5(Low)

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

CWE-8632023

CVE-2020-35501

LOW
CVSS:3.4(Low)

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

CWE-8632020

CVE-2023-3485

LOW
CVSS:3.6(Low)

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. C...

CWE-8632023

CVE-2024-54010

LOW
CVSS:3.4(Low)

A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the...

CWE-8632024