CVE-2024-25630
5.3
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
Affected (1)
Related CWEs
CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
References (6)
Source: security-advisories@github.com
Product
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.