CVSS3
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile: 9.0%
github.com/cilium/cilium is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of checks to confirm whether the L7 proxy is enabled or disabled before processing the proxyVisibility annotations. When the L7 proxy is disabled, any workload with these annotations can crash the Cilium agent on the node where it’s scheduled, which results in a Denial of Service (DoS) for that specific node.
github.com/cilium/cilium/commit/049c1b46c67470b29d13b12f4012baabc68946a4
github.com/cilium/cilium/commit/4629f0b750b3736143d15594f104db2285b7d35a
github.com/cilium/cilium/commit/6ccbdd5b3169497db1adebf12d607f91676e67c1
github.com/cilium/cilium/pull/27597
github.com/cilium/cilium/security/advisories/GHSA-24m5-r6hv-ccgp