CVSS3: 7.9 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
AI Score: 6.8 Medium
Confidence: Low
EPSS: 0.0004 Low
Percentile: 10.4%
github.com/cilium/cilium is vulnerable to Information Disclosure. The output of cilium-bugtool contains sensitive data when the tool is run with the --envoy-dump flag in deployments where the Envoy proxy is enabled. Attackers who gain access to this output could potentially exploit exposed sensitive information such as private keys and API keys.
github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407
github.com/cilium/cilium/commit/224e288a5bf40d0bb0f16c9413693b319633431a
github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741
github.com/cilium/cilium/commit/958d7b77274bf2c272d8cdfd812631d644250653
github.com/cilium/cilium/commit/9eb25ba40391a9b035d7e66401b862818f4aac4b
github.com/cilium/cilium/commit/bf9a1ae1b2d2b2c9cca329d7aa96aa4858032a61
github.com/cilium/cilium/security/advisories/GHSA-wh78-7948-358j