Cilium eBPF filters may be temporarily removed during agent restart
CVE-2023-27595

6.5 MEDIUM

Key Information:

Vendor

Cilium

Status
Vendor
CVE Published: 17 March 2023

What is CVE-2023-27595?

Cilium is a networking and security solution. In version 1.13.0, its eBPF programs are not attached immediately at startup. During this delay, newly established connections can be disrupted because load balancing is inadequate, and network policies can potentially be bypassed. Affected endpoints include Kubernetes Pods and the host network namespace. The issue is resolved in version 1.13.1 and does not affect the earlier 1.12.x or 1.11.x versions.

Affected Version(s)

cilium = 1.13.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
