Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Description

### Impact

When the [Gateway API](https://docs.cilium.io/en/v1.13/network/servicemesh/gateway-api/gateway-api/) is enabled in Cilium, the absence of a check on the namespace in which a [ReferenceGrant](https://gateway-api.sigs.k8s.io/api-types/referencegrant/) is created could result in Cilium gaining visibility of secrets (including certificates) and services across namespaces.

An attacker on an affected cluster can configure Cilium to use cluster secrets or communicate with services that it should not have access to.

Gateway API functionality is disabled by default.
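The namespace check described above, as an added example (not Cilium's code): a ReferenceGrant only authorizes references to objects in the namespace where the grant itself was created. The `Ref` and `ReferenceGrant` types are simplified stand-ins for the Gateway API types, and the `team-a`/`team-b` namespaces and object names are constructed for illustration.

```go
package main

// Ref is a simplified stand-in for Gateway API object references (constructed here).
type Ref struct{ Group, Kind, Namespace, Name string }

// ReferenceGrant: simplified; From entries ignore Name, To entries ignore Namespace.
type ReferenceGrant struct {
	Namespace string // namespace the grant object was created in
	From, To  []Ref  // To.Name == "" means any name
}

// matches reports whether g lists from in From and to in To.
func matches(g ReferenceGrant, from, to Ref) bool {
	fromOK, toOK := false, false
	for _, f := range g.From {
		fromOK = fromOK || (f.Group == from.Group && f.Kind == from.Kind && f.Namespace == from.Namespace)
	}
	for _, t := range g.To {
		toOK = toOK || (t.Group == to.Group && t.Kind == to.Kind && (t.Name == "" || t.Name == to.Name))
	}
	return fromOK && toOK
}

// allowedUnchecked honours any matching grant wherever it lives (the missing check).
func allowedUnchecked(grants []ReferenceGrant, from, to Ref) bool {
	for _, g := range grants {
		if matches(g, from, to) {
			return true
		}
	}
	return false
}

// allowed only honours grants created in the namespace of the referenced object.
func allowed(grants []ReferenceGrant, from, to Ref) bool {
	for _, g := range grants {
		if g.Namespace == to.Namespace && matches(g, from, to) {
			return true
		}
	}
	return false
}

func main() {
	gw := Ref{"gateway.networking.k8s.io", "Gateway", "team-a", "gw"}
	secret := Ref{"", "Secret", "team-b", "tls-cert"}
	// Constructed grant: created in team-a, not in the Secret's namespace team-b.
	grants := []ReferenceGrant{{Namespace: "team-a", From: []Ref{gw}, To: []Ref{{Kind: "Secret"}}}}
	println(allowedUnchecked(grants, gw, secret), allowed(grants, gw, secret)) // true false
}
```

A grant created in `team-b` with the same `From` and `To` entries is accepted by `allowed`, because the owner of the target namespace is the one delegating access.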

### Patches

This vulnerability is fixed in Cilium release 1.13.4.

Cilium versions