Cilium
CVE-2024-28249
MEDIUM
Severity by source
AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.
AnalysisAI
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-311. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. Affected products include: Cilium.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.7
Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor
Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.5)
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.3
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Same weakness CWE-311 – Missing Encryption of Sensitive Data
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today