CVE-2024-47825

Date: October 21, 2024

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than "/32" may be ignored if there is a policy rule referencing a more narrow prefix ("CIDRSet" or "toFQDN") and this narrower policy rule specifies either "enableDefaultDeny: false" or "- toEntities: all". Note that a rule specifying "toEntities: world" or "toEntities: 0.0.0.0/0" is insufficient to trigger the issue; the rule must reference the entity "all".

This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using "enableDefaultDeny: false" or that set "toEntities" to "all", some workarounds are available. For users with policies using "enableDefaultDeny: false", remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify "toEntities: all", use "toEntities: world".
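As an added illustration (not text from the advisory and not Cilium's own documentation), the constructed policies below show the affected shape described above, a deny on a prefix broader than /32 alongside a policy that references a narrower prefix and also allows `toEntities: all`, followed by the advisory's workaround of using `toEntities: world` instead. The namespace, selector labels and CIDR values are assumed sample values.

```yaml
# Constructed example: not from the advisory or the Cilium project.
# Namespace, labels and CIDRs are placeholder values.
#
# Affected shape (Cilium 1.14.0 to 1.14.15 and 1.15.0 to 1.15.9):
# the deny on the broader 10.0.0.0/8 prefix may be ignored because
# another policy for the same endpoints references a narrower prefix
# and also allows "toEntities: all".
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: deny-private-range
  namespace: example
spec:
  endpointSelector:
    matchLabels:
      app: web
  egressDeny:
    - toCIDRSet:
        - cidr: 10.0.0.0/8        # broader than /32: the deny rule this CVE concerns
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-narrow-and-all      # affected: narrow prefix plus "all"
  namespace: example
spec:
  endpointSelector:
    matchLabels:
      app: web
  egress:
    - toCIDRSet:
        - cidr: 10.1.2.3/32       # narrower prefix referenced by the same selector
    - toEntities:
        - all                     # the trigger; "world" or "0.0.0.0/0" do not trigger it
---
# Workaround from the advisory: keep the narrow allow, but use "world"
# instead of "all" so the broader deny is honoured.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-narrow-and-world    # corrected
  namespace: example
spec:
  endpointSelector:
    matchLabels:
      app: web
  egress:
    - toCIDRSet:
        - cidr: 10.1.2.3/32
    - toEntities:
        - world
```

The advisory's other workaround applies to policies that set `enableDefaultDeny: false`: remove that option and add explicit allow rules for the traffic that is actually required.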

Language: Go

Severity Score

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Insecure Automated Optimizations

CWE-1038

Top Fix

Upgrade Version

Upgrade github.com/cilium/cilium to v1.15.10 (1.15.x branch) or v1.14.16 (1.14.x branch).

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
