Affected by GO-2022-0393
and 12 other vulnerabilities
GO-2022-0393: Network policy may be bypassed by some ICMP Echo Requests in github.com/cilium/cilium
GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium
GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium
GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium
GO-2023-1730: Debug mode leaks confidential data in Cilium in github.com/cilium/cilium
GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium
GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
package
Version:
v1.7.9
Opens a new window with list of versions in this module.
Published: Sep 2, 2020
License: Apache-2.0
Opens a new window with license information.
Imports: 10
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
¶
-
type API
-
func (e *API) AssignPrivateIpAddresses(ctx context.Context, eniID string, addresses int64) error
-
func (e *API) AttachNetworkInterface(ctx context.Context, index int64, instanceID, eniID string) (string, error)
-
func (e *API) CreateNetworkInterface(ctx context.Context, toAllocate int64, subnetID, desc string, groups []string) (string, *v2.ENI, error)
-
func (e *API) DeleteNetworkInterface(ctx context.Context, eniID string) error
-
func (e *API) GetInstances(ctx context.Context, vpcs types.VpcMap, subnets types.SubnetMap) (types.InstanceMap, error)
-
func (e *API) GetSecurityGroups(ctx context.Context) (types.SecurityGroupMap, error)
-
func (e *API) GetSubnets(ctx context.Context) (types.SubnetMap, error)
-
func (e *API) GetVpcs(ctx context.Context) (types.VpcMap, error)
-
func (e *API) ModifyNetworkInterface(ctx context.Context, eniID, attachmentID string, deleteOnTermination bool) error
-
func (e *API) SetDelay(op Operation, delay time.Duration)
-
func (e *API) SetLimiter(limit float64, burst int)
-
func (e *API) SetMockError(op Operation, err error)
-
func (e *API) TagENI(ctx context.Context, eniID string, eniTags map[string]string) error
-
func (e *API) UnassignPrivateIpAddresses(ctx context.Context, eniID string, addresses []string) error
-
type Operation
SetDelay specifies the delay which should be simulated for an individual EC2
API operation
SetLimiter adds a rate limiter to all simulated API calls
SetMockError modifies the mock API to return an error for a particular
operation
Operation is an EC2 API operation that this mock API supports
const (
AllOperations Operation = iota
CreateNetworkInterface
DeleteNetworkInterface
AttachNetworkInterface
ModifyNetworkInterface
AssignPrivateIpAddresses
UnassignPrivateIpAddresses
TagENI
MaxOperation
)
Source Files
¶
Click to show internal directories.
Click to hide internal directories.