10 matches found
Improper Access Control
Cilium is vulnerable to improper access control. The vulnerability is due to the creation of a world-accessible Envoy admin socket when L7 functionality is enabled, which allows a local attacker to access Envoy administrative endpoints, potentially exposing sensitive information such as TLS...
PT-2026-56051
Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...
GO-2025-3418 Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway
Envoy Admin Interface Exposed through prometheus metrics endpoint in github.com/envoyproxy/gateway...
GHSA-J777-63HF-HX76 Envoy Admin Interface Exposed through prometheus metrics endpoint
Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...
Envoy Admin Interface Exposed through prometheus metrics endpoint
Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour
ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...
CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...
PT-2021-19929 · Contour +1 · Contour +1
Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...