Lucene search

GoogleOSV:BIT-HUBBLE-2024-28249

HistoryJun 04, 2024 - 9:42 a.m.

BIT-hubble-2024-28249

2024-06-0409:42:49

Google

osv.dev

cilium

networking

security

ipsec

unencrypted traffic

ebpf-based

dataplane

6.1 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node’s Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node’s DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.

CPENameOperatorVersion
hubblege1.14.0
hubblelt1.13.13
hubblege1.15.0
hubblelt1.14.8
hubblelt1.15.2

Name	Operator	Version
hubble	ge	1.14.0
hubble	lt	1.13.13
hubble	ge	1.15.0
hubble	lt	1.14.8
hubble	lt	1.15.2

References

github.com/cilium/cilium/releases/tag/v1.13.13

github.com/cilium/cilium/releases/tag/v1.14.8

github.com/cilium/cilium/releases/tag/v1.15.2

github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36

6.1 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for OSV:BIT-HUBBLE-2024-28249