defaults

Jul 21, 2017 GO-2022-0457 +10 more

  GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

  GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

  GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

  GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

  GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

  GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

  GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

  GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

  GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

  GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

  GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

May 30, 2017 GO-2022-0457 +10 more

  GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

  GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

  GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

  GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

  GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

  GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

  GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

  GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

  GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

  GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

  GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

May 24, 2017 GO-2022-0457 +10 more

  GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

  GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

  GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

  GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

  GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

  GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

  GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

  GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

  GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

  GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

  GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

Apr 14, 2017 GO-2022-0457 +10 more

  GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

  GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

  GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

  GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

  GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

  GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

  GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

  GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

  GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

  GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

  GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

Changes in this version

+ const StateDir

+ const StateDirRights

Apr 6, 2017 GO-2022-0457 +10 more

  GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

  GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

  GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

  GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

  GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

  GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

  GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

  GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

  GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

  GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

  GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

Mar 28, 2017 GO-2022-0457 +10 more

  GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium

  GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium

  GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

  GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium

  GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium

  GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

  GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

  GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

  GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

  GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

  GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

Changes in this version

+ const BpfDir

+ const LibraryPath

+ const RuntimePath

+ const RuntimePathRights

+ const SockPath

+ const SockPathEnv