Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2024-47825
Good to know:
Date: October 21, 2024
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than "/32" may be ignored if there is a policy rule referencing a more narrow prefix ("CIDRSet" or "toFQDN") and this narrower policy rule specifies either "enableDefaultDeny: false" or "- toEntities: all". Note that a rule specifying "toEntities: world" or "toEntities: 0.0.0.0/0" is insufficient, it must be to entity "all".This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using "enableDefaultDeny: false" or that set "toEntities" to "all", some workarounds are available. For users with policies using "enableDefaultDeny: false", remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify "toEntities: all", use "toEntities: world".
Language: Go
Severity Score
Related Resources (6)
Severity Score
Top Fix
Upgrade Version
Upgrade to version github.com/cilium/cilium - v1.15.10;github.com/cilium/cilium - v1.14.16
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |