PT-2023-21573 · Etcd+1

Giorio94 · Published 2023-03-21 · Updated 2024-08-20 · CVE-2023-28114

CVSS v3.1: 4.8 (Medium)

Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

cilium-cli versions prior to 0.13.2

Description

The issue arises when cilium-cli is used to configure cluster mesh functionality, potentially removing the enforcement of user permissions on the etcd store. This occurs due to an incorrect mount point specification, causing the settings specified by the initContainer to be overwritten. As a result, an attacker with access to a valid key and certificate for the compromised etcd cluster could modify its state.

Recommendations

For versions prior to 0.13.2, update to version 0.13.2 to resolve the issue. As a temporary workaround, consider using Cilium's Helm charts to create the cluster instead of cilium-cli.

Exploit

Fix

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2023-28114
GHSA-6F27-3P6C-P5JC
GO-2023-1653

Affected Products

Cilium-Cli
Etcd