Vulnerability Report: GO-2024-2656
- CVE-2024-28249, GHSA-j89h-qrvr-xc36
- Affects: github.com/cilium/cilium
- Published: Mar 22, 2024
- Modified: Mar 22, 2024
In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted, and traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent unencrypted.
For detailed information about this vulnerability, visit https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
- https://vuln.go.dev/ID/GO-2024-2656.json
Credits
- @jschwinger233@julianwiedmann, @giorio94, @jrajahalme
Feedback
See anything missing or incorrect?
Suggest an edit to this report.