-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
Vulnerability in tool. |
neild
added
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
and removed
NotGoVuln
labels
Aug 10, 2022
This was referenced Mar 17, 2023
This was referenced May 22, 2023
This was referenced Sep 26, 2023
This was referenced Feb 20, 2024
This was referenced Mar 18, 2024
Change https://go.dev/cl/592768 mentions this issue: |
This was referenced Aug 15, 2024
Change https://go.dev/cl/607219 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-0457.yaml - data/reports/GO-2022-0458.yaml - data/reports/GO-2022-0459.yaml - data/reports/GO-2022-0471.yaml - data/reports/GO-2022-0473.yaml - data/reports/GO-2022-0480.yaml - data/reports/GO-2022-0482.yaml - data/reports/GO-2022-0483.yaml - data/reports/GO-2022-0490.yaml - data/reports/GO-2022-0491.yaml - data/reports/GO-2022-0494.yaml - data/reports/GO-2022-0495.yaml - data/reports/GO-2022-0496.yaml - data/reports/GO-2022-0497.yaml - data/reports/GO-2022-0498.yaml - data/reports/GO-2022-0499.yaml - data/reports/GO-2022-0500.yaml - data/reports/GO-2022-0501.yaml - data/reports/GO-2022-0502.yaml - data/reports/GO-2022-0505.yaml Updates #457 Updates #458 Updates #459 Updates #471 Updates #473 Updates #480 Updates #482 Updates #483 Updates #490 Updates #491 Updates #494 Updates #495 Updates #496 Updates #497 Updates #498 Updates #499 Updates #500 Updates #501 Updates #502 Updates #505 Change-Id: I92c5f4afd83bb1c6bd9f448bc65ca730c64ce770 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607219 Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2022-29178 references github.com/cilium/cilium, which may be a Go module.
Description:
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium's DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability.
Links:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: