Cilium
Monthly
Cilium versions 1.18.0-1.18.5 with Native Routing, WireGuard, and Node Encryption enabled incorrectly allow cross-node Pod traffic that should be blocked, enabling unauthorized network access between isolated workloads. An attacker with network access to pods on different nodes can bypass network segmentation policies to access restricted services. The vulnerability affects deployments using these specific Cilium configurations and is resolved in version 1.18.6.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.4), this vulnerability is no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Cilium versions 1.18.0-1.18.5 with Native Routing, WireGuard, and Node Encryption enabled incorrectly allow cross-node Pod traffic that should be blocked, enabling unauthorized network access between isolated workloads. An attacker with network access to pods on different nodes can bypass network segmentation policies to access restricted services. The vulnerability affects deployments using these specific Cilium configurations and is resolved in version 1.18.6.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.4), this vulnerability is no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.