CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/07/01 11:18 a.m.•19 views

BIT-HUBBLE-UI-2023-27594

7.3CVSS7AI score0.00057EPSS

OSV•added 2024/07/01 11:18 a.m.•6 views

BIT-HUBBLE-UI-2023-27595

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...

9.8CVSS9.2AI score0.00064EPSS

OSV•added 2024/07/01 11:18 a.m.•10 views

BIT-HUBBLE-UI-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

7.2CVSS6.1AI score0.00071EPSS

Exploits0References1

OSV•added 2024/07/01 11:17 a.m.•9 views

BIT-HUBBLE-UI-BACKEND-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

5.3CVSS4.3AI score0.00074EPSS

Exploits0References2

OSV•added 2024/07/01 11:17 a.m.•20 views

BIT-HUBBLE-UI-BACKEND-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

9CVSS8.2AI score0.00032EPSS

OSV•added 2024/07/01 11:17 a.m.•12 views

BIT-HUBBLE-UI-2023-41332

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...

3.5CVSS3.5AI score0.00052EPSS

OSV•added 2024/07/01 11:16 a.m.•12 views

BIT-HUBBLE-UI-2023-41333

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

8.1CVSS7.1AI score0.00019EPSS

OSV•added 2024/07/01 11:16 a.m.•18 views

BIT-HUBBLE-UI-BACKEND-2023-41333

8.1CVSS7.1AI score0.00019EPSS

OSV•added 2024/07/01 11:15 a.m.•10 views

BIT-HUBBLE-UI-2024-28249

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...

6.1CVSS6AI score0.00302EPSS

OSV•added 2024/07/01 11:15 a.m.•15 views

BIT-HUBBLE-UI-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

8CVSS7.4AI score0.0003EPSS

Exploits0References5

OSV•added 2024/07/01 11:14 a.m.•10 views

BIT-HUBBLE-UI-BACKEND-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

7.9CVSS6.7AI score0.00049EPSS

Exploits0References7

OSV•added 2024/07/01 11:13 a.m.•53 views

BIT-CILIUM-PROXY-2023-27593

5.5CVSS5.3AI score0.00022EPSS

Exploits0References6

OSV•added 2024/07/01 11:13 a.m.•7 views

BIT-CILIUM-PROXY-2023-27594

7.3CVSS7AI score0.00057EPSS

OSV•added 2024/07/01 11:12 a.m.•15 views

BIT-CILIUM-PROXY-2023-30851

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...

5.3CVSS4.4AI score0.00173EPSS

OSV•added 2024/07/01 11:12 a.m.•14 views

BIT-CILIUM-PROXY-2023-39347

9CVSS8.2AI score0.00032EPSS

OSV•added 2024/07/01 11:12 a.m.•9 views

BIT-CILIUM-PROXY-2023-41332

3.5CVSS3.5AI score0.00052EPSS

OSV•added 2024/07/01 11:11 a.m.•12 views

BIT-CILIUM-PROXY-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

6.1CVSS5.5AI score0.00051EPSS

OSV•added 2024/07/01 11:10 a.m.•11 views

BIT-CILIUM-PROXY-2024-28249

6.1CVSS6AI score0.00302EPSS