github.com/cilium/cilium is vulnerable to Network Policy Bypass. The library may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host. This allows a remote attacker to bypass network policies when IPv6 routing is enabled and NodePorts are used to route traffic to pods.
github.com/advisories/GHSA-8fg8-jh2h-f2hc
github.com/cilium/cilium/commit/900d6539bb587591efbea64a9970069173487b61
github.com/cilium/cilium/commit/9b886876ffe16ab6992b052f20a3e7a2b1bcd839
github.com/cilium/cilium/commit/b29f4012d28489fc21fb7c6f4cf36e747d5b0493
github.com/cilium/cilium/releases/tag/v1.11.15
github.com/cilium/cilium/releases/tag/v1.12.8
github.com/cilium/cilium/releases/tag/v1.13.1
github.com/cilium/cilium/security/advisories/GHSA-8fg8-jh2h-f2hc