CVE-2022-29179
Summary
| CVE | CVE-2022-29179 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-20 19:15:00 UTC |
| Updated | 2022-06-03 18:00:00 UTC |
| Description | Cilium is open source software for providing and securing network connectivity and load balancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.5, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| User with root privileges on node can leverage permissions of Cilium ClusterRole · Advisory · cilium/cilium · GitHub | CONFIRM | github.com | |
| Release 1.11.5 · cilium/cilium · GitHub | MISC | github.com | |
| Release 1.9.16 · cilium/cilium · GitHub | MISC | github.com | |
| Release 1.10.11 · cilium/cilium · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.