Lucene search
Veracode Vulnerability DatabaseVERACODE:35646HistoryMay 23, 2022 - 8:44 a.m.
Incorrect Default Permissions
2022-05-2308:44:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
github
cilium
unix socket
file system access
EPSS
0
Percentile
5.1%
github.com/cilium/cilium has incorrect default permissions. A malicious users belonging to the group ID 1000 is able to access the cilium API via the Unix domain socket, allowing an unintended file system access.
References
github.com/cilium/cilium/commit/1a2c052c24ac2440b145a4dd17ebc697ed1bcd44
github.com/cilium/cilium/commit/2f357e6fd91bd04574d743e718229fb23d93c477
github.com/cilium/cilium/commit/9bc8cf03ed7266a8a50a9403505f5de4ac25cf0d
github.com/cilium/cilium/releases/tag/v1.10.11
github.com/cilium/cilium/releases/tag/v1.11.5
github.com/cilium/cilium/releases/tag/v1.9.16
github.com/cilium/cilium/security/advisories/GHSA-6p8v-8cq8-v2r3
Related
osv
osv
CVE-2022-29178
2022-05-20 19:15:08
BIT-cilium-2022-29178
2024-05-15 12:09:01
CGA-w267-wv86-3qm9
2024-06-06 12:26:28
prion
prion
Design/Logic Flaw
2022-05-20 19:15:00
github
github
Access to Unix domain socket can lead to privileges escalation in Cilium
2022-05-24 21:14:41
cvelist
cvelist
CVE-2022-29178 Incorrect Default Permissions in Cilium
2022-05-20 18:15:12
nvd
nvd
CVE-2022-29178
2022-05-20 19:15:08
cve
cve
CVE-2022-29178
2022-05-20 19:15:08