​
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2022-29179

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2022-29179

Severity

8.2

High

CVSS V3

Description

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available.

References

  • https://github.com/advisories/GHSA-fmrf-gvjp-5j5g
  • https://github.com/cilium/cilium/security/advisories/GHSA-fmrf-gvjp-5j5g
  • https://github.com/cilium/cilium/releases/tag/v1.10.11
  • https://github.com/cilium/cilium/releases/tag/v1.11.5
  • https://github.com/cilium/cilium/releases/tag/v1.9.16

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Chainguard Images

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customer StoriesChainguard Love

About UsOpen SourceCareersNewsroomLegal

Unchained BlogResearchEventsTrust CenterDocumentation