28 matches found
CVE-2026-54765
Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...
PT-2026-56012
Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.5 Description Traefik's Kubernetes Gateway API provider may incorrectly resolve two accepted HTTPRoutes that target the same backend Service:port but use different backendRef filters for the same child servic...
CVE-2026-54761
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...
GHSA-3G6V-2R68-PRFC Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...
EUVD-2024-2669
Malicious code in bioql PyPI...
EUVD-2023-1875
Malicious code in bioql PyPI...
CVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-HUBBLE-RELAY-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-CILIUM-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-CILIUM-OPERATOR-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
GO-2024-3074 Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium...
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Impact Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets...
GHSA-VWF8-Q6FW-4WCM Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Impact Due to ReferenceGrant changes not being immediately propagated in Cilium's GatewayAPI controller, Gateway resources are able to access secrets in other namespaces after the associated ReferenceGrant has been revoked. This can lead to Gateways continuing to establish sessions using secrets...
CVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
CVE-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
CVE-2024-42486
CVE-2024-42486 affects Cilium (1.15.x before 1.15.8 and 1.16.x before 1.16.1). The vulnerability arises from ReferenceGrant changes not being propagated correctly in Cilium’s GatewayAPI controller, potentially allowing Gateway resources to access secrets longer than intended or enabling Routes to...
CVE-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
Cilium 安全漏洞
Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. A security vulnerability exists in Cilium versions 1.15.0 through prior to...
PT-2024-29983 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.x through 1.15.7 Cilium version 1.16.0 Description: The issue arises from incorrect propagation of ReferenceGrant changes in Cilium's GatewayAPI controller. This could lead to Gateway resources accessing secrets for longe...