Vulnerability Report: GO-2024-2657

CVE-2024-28250, GHSA-v6q2-4qr3-5cw6
Affects: github.com/cilium/cilium
Published: Mar 22, 2024
Modified: May 20, 2024

In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies: traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes, and traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS proxy and pods on other nodes.

For detailed information about this vulnerability, visit https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6.

Affected Modules

Path

Go Versions
github.com/cilium/cilium

from v1.14.0 before v1.14.8, from v1.15.0 before v1.15.2

Aliases

CVE-2024-28250
GHSA-v6q2-4qr3-5cw6

References

https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6
https://vuln.go.dev/ID/GO-2024-2657.json

Credits

@brb, @giorio94, @gandro, @jschwinger233

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL