CVE-2024-28248

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.cilium.io/en/stable/security/policy/language/#http
https://github.com/cilium/cilium/releases/tag/v1.13.13
https://github.com/cilium/cilium/releases/tag/v1.14.8
https://github.com/cilium/cilium/releases/tag/v1.15.2
https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85
https://docs.cilium.io/en/stable/security/policy/language/#http
https://github.com/cilium/cilium/releases/tag/v1.13.13
https://github.com/cilium/cilium/releases/tag/v1.14.8
https://github.com/cilium/cilium/releases/tag/v1.15.2
https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85

Configurations

No configuration.

History

21 Nov 2024, 09:06

Type	Values Removed	Values Added
References	~~() https://docs.cilium.io/en/stable/security/policy/language/#http -~~	() https://docs.cilium.io/en/stable/security/policy/language/#http -
References	~~() https://github.com/cilium/cilium/releases/tag/v1.13.13 -~~	() https://github.com/cilium/cilium/releases/tag/v1.13.13 -
References	~~() https://github.com/cilium/cilium/releases/tag/v1.14.8 -~~	() https://github.com/cilium/cilium/releases/tag/v1.14.8 -
References	~~() https://github.com/cilium/cilium/releases/tag/v1.15.2 -~~	() https://github.com/cilium/cilium/releases/tag/v1.15.2 -
References	~~() https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85 -~~	() https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85 -

19 Mar 2024, 13:26

Type	Values Removed	Values Added
Summary		(es) Cilium es una solución de redes, observabilidad y seguridad con un plano de datos basado en eBPF. A partir de la versión 1.13.9 y antes de las versiones 1.13.13, 1.14.8 y 1.15.2, las políticas HTTP de Cilium no se aplican de manera consistente a todo el tráfico en el alcance de las políticas, lo que lleva a que el tráfico HTTP se reenvíe de manera incorrecta e intermitente cuando debería dejarse caer. Este problema se solucionó en Cilium 1.15.2, 1.14.8 y 1.13.13. No se conocen workarounds para este problema.

18 Mar 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-18 22:15

Updated : 2024-11-21 09:06

NVD link : CVE-2024-28248

Mitre link : CVE-2024-28248

CVE.ORG link : CVE-2024-28248

JSON object : View

Products Affected

No product.

CWE

CWE-693

Protection Mechanism Failure

7.2 /10