Lucene search
K

10 matches found

Veracode
Veracode
added 6 days ago8 views

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to the creation of a world-accessible Envoy admin socket when L7 functionality is enabled, which allows a local attacker to access Envoy administrative endpoints, potentially exposing sensitive information such as TLS...

5.9AI score0.00017EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
OSV
OSV
added 2025/01/28 3:1 p.m.8 views

GO-2025-3418 Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway

Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway...

7.1CVSS7AI score0.00413EPSS
Exploits0References5
OSV
OSV
added 2025/01/23 5:51 p.m.15 views

GHSA-J777-63HF-HX76 Envoy Admin Interface Exposed through prometheus metrics endpoint

Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...

7.1CVSS7.2AI score0.00413EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/01/23 5:51 p.m.24 views

Envoy Admin Interface Exposed through prometheus metrics endpoint

Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...

7.1CVSS7.2AI score0.00413EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/23 3:20 a.m.9 views

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...

7.1CVSS7.2AI score0.00413EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/23 3:20 a.m.27 views

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...

7.1CVSS0.00413EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 4:3 p.m.11 views

GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour

ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...

8.5CVSS8.5AI score0.01151EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2021/07/23 9:50 p.m.5 views

CVE-2021-32783

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5CVSS8.3AI score0.01151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/23 12:0 a.m.4 views

PT-2021-19929 · Contour +1 · Contour +1

Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...

8.5CVSS7.1AI score0.01151EPSS
Exploits0References14
Rows per page
Query Builder