Vulnerability Report: GO-2024-2656

CVE-2024-28249, GHSA-j89h-qrvr-xc36
Affects: github.com/cilium/cilium
Published: Mar 22, 2024
Modified: May 20, 2024

In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted, and traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent unencrypted.

For detailed information about this vulnerability, visit https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36.

Affected Modules

Path

Go Versions
github.com/cilium/cilium

before v1.13.13, from v1.14.0 before v1.14.8, from v1.15.0 before v1.15.2

Aliases

CVE-2024-28249
GHSA-j89h-qrvr-xc36

References

https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
https://vuln.go.dev/ID/GO-2024-2656.json

Credits

@jschwinger233, @julianwiedmann, @giorio94, @jrajahalme

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL