2 matches found
BIT-CILIUM-2024-47825 CIDR deny policies may not take effect when a more narrow CIDR allow is present
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSe...
PT-2024-32836 · Cilium +1 · Cilium +1
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.15 Cilium versions 1.15.0 through 1.15.9 Description: A policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSet or toFQDN and...