Affected by GO-2022-0457 and 10 other vulnerabilities

GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

maps/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Directories ¶

Path	Synopsis
cidrmap
configmap Package configmap represents the endpoint's configuration.	Package configmap represents the endpoint's configuration.
ctmap
encrypt Package encrypt represents the nodes current encryption state.	Package encrypt represents the nodes current encryption state.
eppolicymap Package eppolicymap represents the map from an endpoint ID to its policy map.	Package eppolicymap represents the map from an endpoint ID to its policy map.
ipcache
lbmap
lxcmap Package lxcmap represents the endpoints BPF map in the BPF programs.	Package lxcmap represents the endpoints BPF map in the BPF programs.
metricsmap Package metricsmap represents the BPF metrics map in the BPF programs.	Package metricsmap represents the BPF metrics map in the BPF programs.
nat Package nat implements the BPF NAT map interaction code.	Package nat implements the BPF NAT map interaction code.
policymap
proxymap
sockmap Package Sockmap represents the map from 5-tuple to the socket.	Package Sockmap represents the map from 5-tuple to the socket.
tunnel

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL