CVE-2023-41333

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Sep 27, 2023
Updated: Sep 30, 2023
CWE ID 306

Summary

CVE-2023-41333 affects Cilium, a networking, observability, and security solution that utilizes an eBPF-based dataplane. An attacker with access to modify CiliumNetworkPolicy objects in a specific namespace can bypass policy enforcement across the entire Cilium cluster. They can achieve this by employing a crafted `endpointSelector` with the `DoesNotExist` operator on the `reserved:init` label. This vulnerability allows potential traffic allowing or denial for the entire cluster. The attacker must have API server access, as outlined in the Kubernetes API Server Attacker section of Cilium's threat model. The issue has been addressed in Cilium versions 1.14.2, 1.13.7, and 1.12.14. As a workaround, an admission webhook can be implemented to restrict the usage of `endpointSelectors` with the `DoesNotExist` operator on the `reserved:init` label in CiliumNetworkPolicies.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-41333 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database