CVE-2023-34242 Cilium vulnerable to information leakage via incorrect ReferenceGrant handling

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of...

PT-2023-24766 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.13.4 Description: The issue arises when Gateway API is enabled in Cilium, allowing an attacker on an affected cluster to leverage the absence of a check on the namespace in which a ReferenceGrant is created. This...

Cilium 信息泄露漏洞

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. An information disclosure vulnerability exists in versions of Cilium prior to 1.13.4, which stems fr...