CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
9.0%
github.com/cilium/cilium is vulnerable to Insufficient Verification Of Data Authenticity. The vulnerability is due to in GetPodMetadata
as there is no check or sanitization for user changing namespace, service account or cluster name labels. This allow an attacker to utilize crafted pod labels during a pod update, and cilium incorrectly uses crafted pod labels to select the policies which apply to the workload in question and which could lead to network policy bypassing.
docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker
github.com/cilium/cilium/commit/5e0c80ec3554ca932cf63d7bacf0421cddd5a6d4
github.com/cilium/cilium/commit/6e1b8ebaf054369ea81f94a9f32ac4be628c4a1a
github.com/cilium/cilium/commit/a1da5b868265fd0c4bf4cb4178fc7d837b256acf
github.com/cilium/cilium/security/advisories/GHSA-gj2r-phwg-6rww