Lucene search
K

119 matches found

OSV
OSV
added 2024/08/17 7:20 a.m.15 views

BIT-HUBBLE-RELAY-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4.3CVSS4AI score0.00535EPSS
Exploits0References4
OSV
OSV
added 2024/08/17 7:16 a.m.78 views

BIT-CILIUM-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4.3CVSS4AI score0.00535EPSS
Exploits0References4
OSV
OSV
added 2024/08/17 7:16 a.m.45 views

BIT-CILIUM-OPERATOR-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4.3CVSS4AI score0.00535EPSS
Exploits0References4
Veracode
Veracode
added 2024/08/16 9:13 a.m.10 views

Security Bypass

github.com/cilium/cilium is vulnerable to Security Bypass. The vulnerability is due to improper implementation of match precedence in Gateway API HTTPRoutes and GRPCRoutes, where request headers are matched before request methods. It allows an attacker to exploit the incorrect request handling...

4.3CVSS6.6AI score0.00535EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.4 views

Cilium 安全漏洞

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. A security vulnerability exists in Cilium versions 1.15.0 through prior to...

7.2CVSS4.6AI score0.00573EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.4 views

PT-2024-29983 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.x through 1.15.7 Cilium version 1.16.0 Description: The issue arises from incorrect propagation of ReferenceGrant changes in Cilium's GatewayAPI controller. This could lead to Gateway resources accessing secrets for longe...

5.4CVSS6.8AI score0.00573EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2024/08/15 9:46 p.m.41 views

Gateway API route matching order contradicts specification

Impact Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

4.3CVSS6.3AI score0.00535EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/08/15 9:46 p.m.44 views

GHSA-QCM3-7879-XCWW Gateway API route matching order contradicts specification

Impact Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched...

4CVSS4AI score0.00535EPSS
Exploits0References7
NVD
NVD
added 2024/08/15 9:15 p.m.40 views

CVE-2024-42487

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4.3CVSS0.00535EPSS
Exploits0References3
OSV
OSV
added 2024/08/15 8:26 p.m.19 views

CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4CVSS6.2AI score0.00535EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/15 8:26 p.m.19 views

CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4CVSS6.6AI score0.00535EPSS
Exploits0References3
CVE
CVE
added 2024/08/15 8:26 p.m.312 views

CVE-2024-42487

Cilium (1.15.x before 1.15.8 and 1.16.x before 1.16.1) has a header-vs-methods match-order flaw in Gateway API HTTPRoutes/GRPCRoutes. The match precedence described by the Gateway API specification is violated, causing potential security-related misbehavior. Affected component: eBPF-based datapla...

4.3CVSS4.1AI score0.00535EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/08/15 8:26 p.m.41 views

CVE-2024-42487 Cilium's Gateway API route matching order contradicts specification

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular,...

4CVSS0.00535EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.4 views

PT-2024-29984 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.15.0 through 1.15.7 Cilium version 1.16.0 Description: The Gateway API HTTPRoutes and GRPCRoutes in Cilium do not follow the match precedence specified in the Gateway API specification. Request headers are matched before...

4.3CVSS6.6AI score0.00535EPSS
Exploits0References16
CNNVD
CNNVD
added 2024/08/15 12:0 a.m.4 views

Cilium 安全漏洞

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium versions prior to 1.15.8 and 1.16....

4.3CVSS6.4AI score0.00535EPSS
Exploits0References4
OSV
OSV
added 2024/07/01 11:17 a.m.32 views

BIT-HUBBLE-UI-BACKEND-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

5.3CVSS4.3AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2024/07/01 11:17 a.m.27 views

BIT-HUBBLE-UI-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

5.3CVSS4.3AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2024/07/01 11:14 a.m.30 views

BIT-HUBBLE-UI-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

7.9CVSS6.7AI score0.0018EPSS
Exploits0References7
OSV
OSV
added 2024/07/01 11:14 a.m.24 views

BIT-HUBBLE-UI-BACKEND-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

7.9CVSS6.7AI score0.0018EPSS
Exploits0References7
OSV
OSV
added 2024/07/01 11:12 a.m.18 views

BIT-CILIUM-PROXY-2023-34242

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

5.3CVSS4.3AI score0.00305EPSS
Exploits0References2
Rows per page
Query Builder