Lucene search

Veracode Vulnerability DatabaseVERACODE:47543

HistoryJun 14, 2024 - 5:46 a.m.

Information Disclosure

2024-06-1405:46:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information disclosure

cilium

github

sensitive data

envoy proxy

private keys

api keys

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

github.com/cilium/cilium is vulnerable to Information Disclosure. The vulnerability is due to the output of cilium-bugtool containing sensitive data when the tool is run with the --envoy-dump flag in deployments where the Envoy proxy is enabled. Attackers who gain access to this output could potentially exploit exposed sensitive information such as private keys and API keys.

CPENameOperatorVersion
github.com/cilium/ciliumle1.13.16
github.com/cilium/ciliumle1.14.11
github.com/cilium/ciliumle1.15.5
github.com/cilium/ciliumle1.13.16
github.com/cilium/ciliumle1.14.11
github.com/cilium/ciliumle1.15.5

Name	Operator	Version
github.com/cilium/cilium	le	1.13.16
github.com/cilium/cilium	le	1.14.11
github.com/cilium/cilium	le	1.15.5
github.com/cilium/cilium	le	1.13.16
github.com/cilium/cilium	le	1.14.11
github.com/cilium/cilium	le	1.15.5

References

github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407

github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a

github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741

github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653

github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b

github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61

github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for VERACODE:47543