23 matches found
EUVD-2024-2669
Malicious code in bioql PyPI...
EUVD-2023-1875
Malicious code in bioql PyPI...
CVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-HUBBLE-RELAY-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-CILIUM-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-CILIUM-OPERATOR-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
GO-2024-3074 Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium...
GHSA-VWF8-Q6FW-4WCM Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Impact Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets...
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Impact Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets...
CVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
CVE-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
CVE-2024-42486
CVE-2024-42486 affects Cilium (1.15.x before 1.15.8 and 1.16.x before 1.16.1). The vulnerability arises from ReferenceGrant changes not being propagated correctly in Cilium’s GatewayAPI controller, potentially allowing Gateway resources to access secrets longer than intended or enabling Routes to...
CVE-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
Cilium 安全漏洞
Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. A security vulnerability exists in Cilium versions 1.15.0 through prior to...
PT-2024-29983 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.x through 1.15.7 Cilium version 1.16.0 Description: The issue arises from incorrect propagation of ReferenceGrant changes in Cilium's GatewayAPI controller. This could lead to Gateway resources accessing secrets for longe...
BIT-HUBBLE-UI-BACKEND-2023-34242
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
BIT-CILIUM-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...
GHSA-R7WR-4W5Q-55M6 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Impact When the Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium gaining visibility of secrets including certificates and services across namespaces. An attacker on an affected cluster can configure Cilium to use...
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Impact When the Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium gaining visibility of secrets including certificates and services across namespaces. An attacker on an affected cluster can configure Cilium to use...
Design/Logic Flaw
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...