CVE-2023-39347

Description

Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

Affected packages (9)

• Bitnami/ciliumfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Bitnami/cilium-operatorfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Bitnami/cilium-proxyfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Bitnami/hubblefrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Bitnami/hubble-relayfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Bitnami/hubble-uifrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Bitnami/hubble-ui-backendfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Go/github.com/cilium/ciliumfrom 0, < 1.12.14, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.2
• Go/github.com/cilium/cilium>= 1.13.0, < 1.13.7

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-39347
• PATCHhttps://github.com/cilium/cilium
• WEBhttps://docs.cilium.io/en/latest/security/threat-model/#kubernetes-api-server-attacker
• WEBhttps://github.com/cilium/cilium/security/advisories/GHSA-gj2r-phwg-6rww