CVE-2023-27593
PUBLISHED
CVSS 5.5 MEDIUM
cilium-agent container can access the host via `hostPath` mount
EPSS 0.02% · 6.4th percentile
Risk Scores
- CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
- EPSS Score: 0.02% (6.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cilium | cilium | |
| Bitnami | cilium-operator | 1.13.0, 1.12.0, 0 |
| Bitnami | cilium | 1.12.0, 1.13.0, 0 |
| Bitnami | hubble-relay | 1.12.0, 1.13.0, 0 |
| Bitnami | cilium | 0, 1.12.0, 1.13.0 |
| Bitnami | cilium-operator | 1.13.0, 1.13.0, 1.12.0 |
Timeline
- Mar 11, 2023 Fix PR Merged
- Mar 17, 2023 CVE Published
- Mar 17, 2023 PoC Published
- Mar 18, 2023 EPSS Score
- Apr 26, 2023 EPSS Score
- Jun 3, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
- Aug 19, 2023 EPSS Score
- Sep 27, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
- Jan 20, 2024 EPSS Score
References
- https://github.com/cilium/cilium/pull/24075
- https://github.com/cilium/cilium/releases/tag/v1.11.15
- https://github.com/cilium/cilium/releases/tag/v1.12.8
- https://github.com/cilium/cilium/releases/tag/v1.13.1
- https://github.com/cilium/cilium/security/advisories/GHSA-4hc4-pgfx-3mrx
- https://kubernetes.io/docs/reference/access-authn-authz/rbac/
- https://nvd.nist.gov/vuln/detail/CVE-2023-27593