How severe is CVE-2022-29178?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-29178?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2022-29178 - HIGH Severity | CVSS 8.2

Vulnerability Description

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium's DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability.

Related Vulnerabilities

CVE-2020-12118

HIGH

CVSS:8.2(High)

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from...

CWE-2762020

CVE-2020-15145

HIGH

CVSS:8.2(High)

In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may...

CWE-2762020

CVE-2021-44905

HIGH

CVSS:8.2(High)

Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name.

CWE-2762021

CVE-2022-4020

HIGH

CVSS:8.2(High)

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

CWE-2762022

CVE-2024-20005

HIGH

CVSS:8.2(High)

In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed...

CWE-2762024

CVE-2024-45067

MEDIUM

CVSS:8.2(High)

Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2762024