Affected by GO-2023-2078 and 11 other vulnerabilities

GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium

GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium

GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium

GO-2024-2568: Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium

GO-2024-2569: Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium

GO-2024-2653: HTTP policy bypass in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2657: Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

lib

package

v1.14.0 Latest Latest Go to latest Published: Jul 27, 2023 License: Apache-2.0 Imports: 11 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Index ¶

type DeletionFallbackClient
- func NewDeletionFallbackClient(logger *logrus.Entry) (*DeletionFallbackClient, error)
- func (dc *DeletionFallbackClient) EndpointDelete(id string) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type DeletionFallbackClient ¶

type DeletionFallbackClient struct {
	// contains filtered or unexported fields
}

func NewDeletionFallbackClient ¶

func NewDeletionFallbackClient(logger *logrus.Entry) (*DeletionFallbackClient, error)

NewDeletionFallbackClient creates a client that will either issue an EndpointDelete request via the api, *or* queue one in a temporary directory. To prevent race conditions, the logic is: 1. Try and connect to the socket. if that succeeds, done 2. Otherwise, take a shared lock on the delete queue directory 3. Once we get the lock, check to see if the socket now exists 4. If it exists, drop the lock and use the api

func (*DeletionFallbackClient) EndpointDelete ¶

func (dc *DeletionFallbackClient) EndpointDelete(id string) error

EndpointDelete deletes an endpoint given by an endpoint id, either by directly accessing the API or dropping in a queued-deletion file. endpoint-id is a qualified endpoint reference, e.g. "container-id:XXXXXXX"

Source Files ¶

View all Source files

deletion_queue.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL