github.com/cilium/cilium is vulnerable to Improper Access Control. An authenticated attacker is able to write to /opt/cni/bin
due to a hostPath
mount in the agent pod, which allows the attacker to gain access to the underlying node by replacing the CNI binary with their own malicious binary and wait for the creation of a new pod on the node.
github.com/cilium/cilium/commit/1be0708f6f7a014e02748c17444fe8a11ecaa364
github.com/cilium/cilium/commit/78e55d9f6429ba068b382b2b4502f84ce50e8b8e
github.com/cilium/cilium/commit/9566881d3159e5bbe9e12f32e27e28216f68f3dd
github.com/cilium/cilium/pull/24075
github.com/cilium/cilium/releases/tag/v1.11.15
github.com/cilium/cilium/releases/tag/v1.12.8
github.com/cilium/cilium/releases/tag/v1.13.1
github.com/cilium/cilium/security/advisories/GHSA-4hc4-pgfx-3mrx
kubernetes.io/docs/reference/access-authn-authz/rbac/