← Back

CVE-2024-28249

nvd nist
Published: Mar 18, 2024Modified: Jan 9, 2025

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 4.0
Source: NVD

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.

Affected (3)

Products: Cilium: Cilium
Cilium
1 product
Cilium
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Cilium
Cilium
Before 1.13.13
Cilium
From 1.14.0 to 1.14.8
Cilium
From 1.15.0 to 1.15.2

Related CWEs

CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (8)

Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.