Lucene search
K

40 matches found

OSV
OSV
added 2024/10/21 7:5 p.m.14 views

CVE-2024-47825 CIDR deny policies may not take effect when a more narrow CIDR allow is present

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSe...

4CVSS7.7AI score0.00391EPSS
Exploits0References3
NVD
NVD
added 2024/08/15 9:15 p.m.40 views

CVE-2024-42487

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4.3CVSS0.00535EPSS
Exploits0References3
CVE
CVE
added 2024/08/15 8:36 p.m.282 views

CVE-2024-42488

CVE-2024-42488 affects Cilium’s eBPF dataplane: a race condition in the Cilium agent (pre-patch versions) can cause labels for nodes to be ignored, causing CiliumClusterwideNetworkPolicies to miss labels and potentially bypass policies. Patches are available in Cilium v1.14.14 and v1.15.8; if upg...

6.8CVSS6.5AI score0.005EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/08/15 8:36 p.m.44 views

CVE-2024-42488 Cilium agent's race condition may lead to policy bypass for Host Firewall policy

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies...

6.8CVSS0.005EPSS
Exploits0References3
CVE
CVE
added 2024/08/15 8:26 p.m.312 views

CVE-2024-42487

Cilium (1.15.x before 1.15.8 and 1.16.x before 1.16.1) has a header-vs-methods match-order flaw in Gateway API HTTPRoutes/GRPCRoutes. The match precedence described by the Gateway API specification is violated, causing potential security-related misbehavior. Affected component: eBPF-based datapla...

4.3CVSS4.1AI score0.00535EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/15 8:26 p.m.19 views

CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4CVSS6.2AI score0.00535EPSS
Exploits0References5
OSV
OSV
added 2024/07/01 11:18 a.m.10 views

BIT-HUBBLE-UI-BACKEND-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS7AI score0.00552EPSS
Exploits0References4
OSV
OSV
added 2024/07/01 11:17 a.m.13 views

BIT-HUBBLE-UI-2023-41332

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...

3.5CVSS3.5AI score0.00448EPSS
Exploits1References2
OSV
OSV
added 2024/07/01 11:15 a.m.13 views

BIT-HUBBLE-UI-2024-28249

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...

6.1CVSS6AI score0.00271EPSS
Exploits0References4
OSV
OSV
added 2024/07/01 11:13 a.m.9 views

BIT-CILIUM-PROXY-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS7AI score0.00552EPSS
Exploits0References4
CVE
CVE
added 2024/06/13 4:9 p.m.320 views

CVE-2024-37307

Summary: CVE-2024-37307 affects Cilium’s cilium-bugtool when run with --envoy-dump against deployments with Envoy enabled. Affected versions: prior to 1.13.7, 1.14.12, and 1.15.6 (i.e., versions 1.13.0–1.13.6, 1.14.0–1.14.11, 1.15.0–1.15.5). Root cause/impact: the tool’s output could contain sens...

7.9CVSS7.5AI score0.0018EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/05/15 12:6 p.m.12 views

BIT-CILIUM-OPERATOR-2023-41332 Denial of service via Kubernetes annotations in specific Cilium configurations

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...

3.5CVSS3.5AI score0.00448EPSS
Exploits1References3
NVD
NVD
added 2024/03/27 7:15 p.m.37 views

CVE-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

8CVSS7.6AI score0.00172EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/18 9:31 p.m.12 views

CVE-2024-28248 Cilium intermittent HTTP policy bypass

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being...

7.2CVSS6.7AI score0.0062EPSS
Exploits0References5
NVD
NVD
added 2024/02/20 6:15 p.m.32 views

CVE-2024-25631

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

6.1CVSS6.1AI score0.002EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/20 6:8 p.m.14 views

CVE-2024-25631 Unencrypted traffic between pods when using Wireguard and an external kvstore

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

6.1CVSS6.7AI score0.002EPSS
Exploits0References4
Prion
Prion
added 2023/09/27 3:19 p.m.21 views

Design/Logic Flaw

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

3.7CVSS7.9AI score0.00408EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/26 6:30 p.m.14 views

CVE-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

7.6CVSS6.7AI score0.0046EPSS
Exploits1References2
Prion
Prion
added 2023/06/15 8:15 p.m.23 views

Design/Logic Flaw

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

5CVSS5.1AI score0.00305EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/15 7:7 p.m.18 views

CVE-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

3.4CVSS5.2AI score0.00305EPSS
Exploits0References4
Rows per page
Query Builder