2 matches found
CVE-2025-23047
CVE-2025-23047 affects Cilium with Hubble UI when deployed; insecure default Access-Control-Allow-Origin header can expose cluster configuration. Affected: 1.14.0–1.14.7, 1.15.0–1.15.11, 1.16.0–1.16.4. Exploit requires visiting a malicious page; could reveal Kubernetes cluster details (node names...
CVE-2025-23047 Cilium vulnerable to information leakage via insecure default Hubble UI CORS header
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...