We reported a possible Man-in-the-Middle (MitM) attack scenario in which a VirtualService can redirect or intercept traffic within the service mesh. This affects Namespace-based Multi-Tenancy clusters where tenants have the permissions to deploy Istio resources (networking.istio.io/v1).
In collaboration with Istio, we published a guest submission in Istio’s blog (as well as below), a Security Bulletin, and an update to their Security Model to address this issue.
This blog post highlights the risks of using Istio in multi-tenant clusters and explains how users can mitigate these risks and safely operate Istio in their deployments.
Please note that the issues even extend beyond the cluster scope in a “single mesh with multiple clusters” deployment.
The behavior described in this post applies to Istio version 1.29.0 and to all versions since the introduction of the mesh gateway option in the VirtualService resource.
Continue reading “Security Considerations on Istio’s CRDs with Namespace-based Multi-Tenancy”
Continue reading