864d40e45051ec5448 Key Findings • There was a lack of validation on the VirtualService Gateway fields that could allow route hijacking • In testing, it did not appear to be possible to secure the control Security Assessment Google / NCC Group Confidential // Depending on the SDS resource to output, some fields may be nil if privateKey == nil && certChain == nil && rootCert == nil { return fmt.Errorf( "the modes other than ISTIO_MUTUAL in which Istio generates the PKI to use — defaults to converting such fields that lack a caCertificates value into a partially filled Upst reamTlsContext lacking a validation_context

customize the Envoy configuration generated by Istio Pilot. Use EnvoyFilter to modify values for certain fields, add specific filters, or even add entirely new listeners, clusters, etc. #IstioCon Wise Platform