We found results for “”
WS-2022-0178
Date: April 16, 2022
An issue was discovered in Cilium up to 1.11.6. This vulnerability allows bypassing host policies for IPv6 traffic coming from a Cilium-managed pod and destined to the host-network namespace. Cilium is only affected by this vulnerability if IPv4, IPv6, endpoint routes, and the host firewall are enabled.
Language: Go
Severity Score
Severity Score
Weakness Type (CWE)
Authentication Bypass by Spoofing
CWE-290CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |