← Volver a CVEs

CVE-2024-28248

HIGH

7.2

Descripcion

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.

Detalles CVE

Puntuacion CVSS v3.17.2

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado3/18/2024

Ultima modificacion1/9/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

cilium:cilium

Debilidades (CWE)

CWE-693

Referencias

https://docs.cilium.io/en/stable/security/policy/language/#http(security-advisories@github.com)

https://github.com/cilium/cilium/releases/tag/v1.13.13(security-advisories@github.com)

https://github.com/cilium/cilium/releases/tag/v1.14.8(security-advisories@github.com)

https://github.com/cilium/cilium/releases/tag/v1.15.2(security-advisories@github.com)

https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85(security-advisories@github.com)

https://docs.cilium.io/en/stable/security/policy/language/#http(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/cilium/cilium/releases/tag/v1.13.13(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/cilium/cilium/releases/tag/v1.14.8(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/cilium/cilium/releases/tag/v1.15.2(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.