github.com/cilium/cilium-cli is vulnerable to Privilege Escalation. The vulnerability exists due to the incorrect mount point specification in the generateDeployment
function of clustermesh.go
, which overwrites the permissions specified in the initContainer
when using cilium-cli
to configure a cluster mesh, allowing an attacker to gain access to the valid key and certificate for a etcd
cluster and modify the state in that etcd
cluster.