
109 matches found

Cvelist
added 2024/06/13 4:09 p.m. | 37 views

CVE-2024-37307 Cilium leaks sensitive information in cilium-bugtool

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

CVSS 7.9 | EPSS 0.0018
Exploits 0 | References 7

OSV
added 2024/05/24 7:22 p.m. | 18 views

BIT-HUBBLE-RELAY-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

CVSS 5.3 | AI score 4.3 | EPSS 0.00305
Exploits 0 | References 3

OSV
added 2024/05/15 12:07 p.m. | 17 views

BIT-CILIUM-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

CVSS 5.3 | AI score 4.3 | EPSS 0.00305
Exploits 0 | References 3

OSV
added 2023/11/03 5:15 a.m. | 5 views

CVE-2023-41260

Best Practical Request Tracker RT before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls...

CVSS 7.5 | AI score 7.4
Exploits 0 | References 4

Veracode
added 2023/11/02 6:24 a.m. | 26 views

Information Disclosure

request-tracker4 is vulnerable to Information Disclosure. The vulnerability allows an attacker to exploit a flaw in the way that RT handles mail-gateway REST API calls to expose sensitive information...

CVSS 7.5 | AI score 6.7 | EPSS 0.00705
Exploits 0 | References 4 | Affected Software 2

Veracode
added 2023/06/26 2:42 a.m. | 18 views

Information Disclosure

github.com/cilium/cilium is vulnerable to Information Disclosure. The vulnerability exists due to the lack of namespace checks for TLS secret references in the Gateway API, which allows an attacker to gain access to secrets including certificates and services across namespaces and configure Ciliu...

CVSS 5.3 | AI score 7 | EPSS 0.00305
Exploits 0 | References 4 | Affected Software 1

OSV
added 2023/06/16 5:47 p.m. | 28 views

GHSA-R7WR-4W5Q-55M6 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Impact When the Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium gaining visibility of secrets including certificates and services across namespaces. An attacker on an affected cluster can configure Cilium to use...

CVSS 3.4 | AI score 4.7 | EPSS 0.00305
Exploits 0 | References 4

Github Security Blog
added 2023/06/16 5:47 p.m. | 24 views

Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Impact When the Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium gaining visibility of secrets including certificates and services across namespaces. An attacker on an affected cluster can configure Cilium to use...

CVSS 5.3 | AI score 6.7 | EPSS 0.00305
Exploits 0 | References 4 | Affected Software 1

NVD
added 2023/06/15 8:15 p.m. | 16 views

CVE-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

CVSS 5.3 | AI score 4.2 | EPSS 0.00305
Exploits 0 | References 2

Prion
added 2023/06/15 8:15 p.m. | 22 views

Design/Logic Flaw

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

CVSS 5 | AI score 5.1 | EPSS 0.00305
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/06/15 7:07 p.m. | 23 views

CVE-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

CVSS 3.4 | AI score 5.4 | EPSS 0.00305
Exploits 0 | References 2

OSV
added 2023/06/15 7:07 p.m. | 18 views

CVE-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

CVSS 3.4 | AI score 5.2 | EPSS 0.00305
Exploits 0 | References 4

CVE
added 2023/06/15 7:07 p.m. | 377 views

CVE-2023-34242

CVE-2023-34242 affects Cilium prior to 1.13.4. When Gateway API is enabled, the absence of a namespace check for ReferenceGrant creation can let Cilium inadvertently gain visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster could misuse...

CVSS 5.3 | AI score 4.3 | EPSS 0.00305
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2023/06/15 12:00 a.m. | 3 views

PT-2023-24766 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.13.4
Description: The issue arises when Gateway API is enabled in Cilium, allowing an attacker on an affected cluster to leverage the absence of a check on the namespace in which a ReferenceGrant is created. This...

CVSS 5.3 | AI score 6.7 | EPSS 0.00305
Exploits 0 | References 15

CNNVD
added 2023/06/15 12:00 a.m. | 3 views

Cilium Information Disclosure Vulnerability

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. An information disclosure vulnerability exists in versions of Cilium prior to 1.13.4, which stems fr...

CVSS 5.3 | AI score 5.5 | EPSS 0.00305
Exploits 0 | References 3

Spring Security Advisories
added 2022/07/19 10:00 a.m. | 15 views

This Week in Spring - July 19th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I'm trying to wind down some threads and take some vacation with my family. It's going to be an amazing time, indeed! But that doesn't stop the deluge of novelties and news in the wide world of Springdom, so we've got a...

AI score 0.6
Exploits 0

ATTACKERKB
added 2022/05/04 4:15 p.m. | 3 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests...

CVSS 7.5 | AI score 7.1 | EPSS 0.0118
Exploits 0 | References 2

OSV
added 2022/05/04 4:15 p.m. | 2 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests...

CVSS 7.5 | AI score 7.1 | EPSS 0.0118
Exploits 0 | References 1

Prion
added 2022/05/04 4:15 p.m. | 20 views

Improper access control

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests...

CVSS 5 | AI score 7.5 | EPSS 0.0118
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2022/05/04 3:25 p.m. | 13 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests...

CVSS 7.5 | AI score 7 | EPSS 0.0118
Exploits 0 | References 1