4 matches found
CVE-2023-32199
CVE-2023-32199 concerns Rancher Manager where removing a custom GlobalRole that grants administrative access or its binding leaves the user with cluster access. Affected are custom GlobalRoles with a wildcard (*) on resources or non-resource URLs, which can result in orphaned ClusterRoleBindings ...
CVE-2023-30851
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...
CVE-2023-30851 Potential HTTP policy bypass when using header rules in Cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...
PT-2023-23007 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.11.16 Cilium versions prior to 1.12.9 Cilium versions prior to 1.13.2 Description: This issue impacts users with a HTTP policy that applies to multiple toEndpoints and have an allow-all rule in place that affects on...