109 matches found

OSV
added 2025/03/26 7:7 a.m. · 10 views

BIT-CILIUM-OPERATOR-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS 4.3 · AI score 3.6 · EPSS 0.00196
Exploits 0 · References 4

OSV
added 2025/03/25 7:38 p.m. · 12 views

GO-2025-3560 Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium...

CVSS 4.3 · AI score 3.7 · EPSS 0.00196
Exploits 0 · References 4

Github Security Blog
added 2025/03/24 7:5 p.m. · 16 views

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces Egress traffic from workloads covered by such netwo...

CVSS 4.3 · AI score 7 · EPSS 0.00196
Exploits 0 · References 5 · Affected Software 1

OSV
added 2025/03/24 7:5 p.m. · 10 views

GHSA-24QP-4XX8-3JVJ Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces Egress traffic from workloads covered by such netwo...

CVSS 3.2 · AI score 7 · EPSS 0.00196
Exploits 0 · References 5

Cvelist
added 2025/03/24 6:44 p.m. · 12 views

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS 3.2 · EPSS 0.00196
Exploits 0 · References 3

Vulnrichment
added 2025/03/24 6:44 p.m. · 15 views

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS 3.2 · AI score 6.9 · EPSS 0.00196
Exploits 0 · References 3

CVE
added 2025/03/24 6:44 p.m. · 269 views

CVE-2025-30162

Cilium CVE-2025-30162 affects the eBPF-based dataplane in Cilium when Gateway API for Ingress is used with LB-IPAM or BGP LB services and namespace egress policies. The issue allows egress traffic from workloads governed by such policies to LoadBalancers configured by Gateway resources, while Loa...

CVSS 4.3 · AI score 6.9 · EPSS 0.00196
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2025/03/24 12:0 a.m. · 4 views

PT-2025-12672

Name of the Vulnerable Software and Affected Versions Cilium versions 1.15.0 through 1.15.14 Cilium versions 1.16.0 through 1.16.7 Cilium versions 1.17.0 through 1.17.1 Description The issue affects Cilium users who use Gateway API for Ingress and LB-IPAM or BGP for LoadBalancer Service...

CVSS 9.8 · AI score 6.9 · EPSS 0.99348
Exploits 23 · References 49

SUSE CVE
added 2024/08/20 2:16 a.m. · 3 views

SUSE CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

CVSS 7.2 · AI score 6.7 · EPSS 0.00573
Exploits 0 · References 3

OSV
added 2024/08/19 5:26 p.m. · 11 views

GO-2024-3074 Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium

Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium...

CVSS 7.2 · AI score 4.6 · EPSS 0.00573
Exploits 0 · References 6

OSV
added 2024/08/17 7:20 a.m. · 13 views

BIT-HUBBLE-RELAY-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

CVSS 4.3 · AI score 4 · EPSS 0.00535
Exploits 0 · References 4

OSV
added 2024/08/17 7:16 a.m. · 12 views

BIT-CILIUM-OPERATOR-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

CVSS 4.3 · AI score 4 · EPSS 0.00535
Exploits 0 · References 4

OSV
added 2024/08/17 7:16 a.m. · 12 views

BIT-CILIUM-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

CVSS 4.3 · AI score 4 · EPSS 0.00535
Exploits 0 · References 4

Veracode
added 2024/08/16 9:13 a.m. · 8 views

Security Bypass

github.com/cilium/cilium is vulnerable to Security Bypass. The vulnerability is due to improper implementation of match precedence in Gateway API HTTPRoutes and GRPCRoutes, where request headers are matched before request methods. It allows an attacker to exploit the incorrect request handling...

CVSS 4.3 · AI score 6.6 · EPSS 0.00535
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2024/08/16 12:0 a.m. · 2 views

PT-2024-29983 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.x through 1.15.7 Cilium version 1.16.0 Description: The issue arises from incorrect propagation of ReferenceGrant changes in Cilium's GatewayAPI controller. This could lead to Gateway resources accessing secrets for longe...

CVSS 5.4 · AI score 6.8 · EPSS 0.00573
Exploits 0 · References 16

CNNVD
added 2024/08/16 12:0 a.m. · 3 views

Cilium Security Vulnerability

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. A security vulnerability exists in Cilium versions 1.15.0 through prior to...

CVSS 7.2 · AI score 4.6 · EPSS 0.00573
Exploits 0 · References 5

OSV
added 2024/08/15 9:46 p.m. · 12 views

GHSA-QCM3-7879-XCWW Gateway API route matching order contradicts specification

Impact Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

CVSS 4 · AI score 4 · EPSS 0.00535
Exploits 0 · References 7

Github Security Blog
added 2024/08/15 9:46 p.m. · 38 views

Gateway API route matching order contradicts specification

Impact Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

CVSS 4.3 · AI score 6.3 · EPSS 0.00535
Exploits 0 · References 7 · Affected Software 1

NVD
added 2024/08/15 9:15 p.m. · 35 views

CVE-2024-42487

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

CVSS 4.3 · EPSS 0.00535
Exploits 0 · References 3

Vulnrichment
added 2024/08/15 8:26 p.m. · 18 views

CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

CVSS 4 · AI score 6.6 · EPSS 0.00535
Exploits 0 · References 3