CVE-2022-29179
HIGHCilium <1.9.16, <1.10.11, <1.11.15 - Privilege Escalation
Title source: llmDescription
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available.
References (4)
Core 4
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/cilium/cilium/releases/tag/v1.10.11
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/cilium/cilium/releases/tag/v1.11.5
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/cilium/cilium/releases/tag/v1.9.16
Third Party Advisory x_refsource_confirm
https://github.com/cilium/cilium/security/advisories/GHSA-fmrf-gvjp-5j5g
Scores
CVSS v3
7.5
EPSS
0.0036
EPSS Percentile
27.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (2)
cilium/cilium
< 1.9.16
cilium/cilium
1.11.0 - 1.11.5Go
Published
May 20, 2022
Tracked Since
Feb 18, 2026