CVE-2023-28114

Description

`cilium-cli` disables etcd authorization for clustermesh clusters in github.com/cilium/cilium-cli

How to fix CVE-2023-28114

To remediate CVE-2023-28114, upgrade the affected package to a fixed version below.

• Go/github.com/cilium/cilium-cli—upgrade to 0.13.2 or later
• —upgrade to 0.13.2 or later

Is CVE-2023-28114 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.13.2
• from 0, < 0.13.2

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-28114
• PATCHgithub.com/cilium/cilium-cli
• WEBartifacthub.io/packages/helm/cilium/cilium
• WEBgithub.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610
• WEB