{
"id": "CVE-2022-39388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-10T20:15:10.587",
"lastModified": "2022-11-15T20:21:21.517",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds."
},
{
"lang": "es",
"value": "Istio es una plataforma abierta para conectar, administrar y proteger microservicios. En las versiones de la rama 1.15.x anteriores a la 1.15.3, un usuario puede suplantar cualquier identidad de carga de trabajo dentro de la malla de servicios si tiene acceso de host local al plano de control de Istiod. La versi\u00f3n 1.15.3 contiene un parche para este problema. No se conocen soluciones alternativas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.15.0",
"versionEndIncluding": "1.15.2",
"matchCriteriaId": "A5DFF901-FC34-460A-B7F6-03F4F0DADA25"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/istio/istio/commit/346260e5115e9fbc65ba8a559bc686e6ca046a32",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/istio/istio/commit/9a643e270421560afb2630e00f76d46a55499df9",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/istio/istio/security/advisories/GHSA-6c6p-h79f-g6p4",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.3/",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}