CVE-2024-47825
Date: October 21, 2024
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than "/32" may be ignored if there is a policy rule referencing a more narrow prefix ("CIDRSet" or "toFQDN") and this narrower policy rule specifies either "enableDefaultDeny: false" or "- toEntities: all". Note that a rule specifying "toEntities: world" or "toEntities: 0.0.0.0/0" is insufficient; the rule must target the entity "all".

This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using "enableDefaultDeny: false" or that set "toEntities" to "all", some workarounds are available. For users with policies using "enableDefaultDeny: false", remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify "toEntities: all", use "toEntities: world".
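The following is an added illustration, not code from the advisory or from the Cilium project, of what the affected policy combination looks like and how the documented workarounds change it. The namespace, labels, CIDRs and port are made up; the `egressDeny` / `toCIDRSet` / `toEntities` field names are standard CiliumNetworkPolicy fields, and `enableDefaultDeny` is written in the per-direction object form used by Cilium 1.15 (an assumption about the exact spelling on older releases).

```yaml
# Added example (not from the advisory or the Cilium project). All names and
# addresses are constructed for illustration.
#
# Policy 1: a broad deny. On its own this is fine.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deny-internal-range
  namespace: app            # constructed
spec:
  endpointSelector:
    matchLabels:
      app: web              # constructed
  egressDeny:
    - toCIDR:
        - 10.0.0.0/8        # broader than /32: this is the rule that can be ignored
---
# Policy 2 (AFFECTED PATTERN, Cilium 1.14.0 to <1.14.16 and 1.15.0 to <1.15.10):
# a narrower CIDRSet rule for the same endpoints, combined with default-deny
# disabled. The advisory states the same effect for a rule "- toEntities: all".
# With this combination the 10.0.0.0/8 deny above may not be enforced.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-metrics-sink-affected
  namespace: app
spec:
  endpointSelector:
    matchLabels:
      app: web
  enableDefaultDeny:        # weak setting named in the advisory
    egress: false
  egress:
    - toCIDRSet:
        - cidr: 10.0.1.5/32 # narrower than the denied prefix
      toPorts:
        - ports:
            - port: "9090"  # constructed
              protocol: TCP
    - toEntities:
        - all               # the other weak setting named in the advisory
---
# Policy 2 after applying the documented workarounds: drop enableDefaultDeny
# (and write explicit allow rules for whatever that setting was covering), and
# replace "toEntities: all" with "toEntities: world". Upgrading to 1.14.16 /
# 1.15.10 is still the real fix.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-metrics-sink-fixed
  namespace: app
spec:
  endpointSelector:
    matchLabels:
      app: web
  egress:
    - toCIDRSet:
        - cidr: 10.0.1.5/32
      toPorts:
        - ports:
            - port: "9090"
              protocol: TCP
    - toEntities:
        - world             # per the advisory, "world" does not trigger the issue
```

To find candidates in a cluster, dump both namespaced and cluster-wide policies (`kubectl get cnp,ccnp -A -o yaml`) and search the output for `enableDefaultDeny` and for `toEntities` lists containing `all`; any such policy that shares endpoints with a broad `egressDeny` / `toCIDR` rule is in scope until the agent is on a patched release.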
Language: Go
Top Fix

Upgrade Version
Upgrade github.com/cilium/cilium to v1.15.10 (1.15.x) or v1.14.16 (1.14.x).
CVSS v3.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

| Metric | Value |
|---|---|
| Base Score | |
| Attack Vector (AV) | NETWORK |
| Attack Complexity (AC) | HIGH |
| Privileges Required (PR) | NONE |
| User Interaction (UI) | NONE |
| Scope (S) | CHANGED |
| Confidentiality (C) | LOW |
| Integrity (I) | NONE |
| Availability (A) | NONE |