CVE-2024-25630

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-25630

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-25630.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-25630

Aliases

Related

Published

2024-02-20T18:15:52Z

Modified

2024-10-12T11:20:30.157874Z

Summary

[none]

Details

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.

References

Affected packages

Git / github.com/cilium/cilium

Affected ranges

Type: GIT
Repo: https://github.com/cilium/cilium
Events: Introduced

b5013e1562dbfe442dd2011a5af46de9095315ff

Fixed

91b461c78160ff5c96cad23a85e4287093753c22

Affected versions

1.*

1.14.0

1.14.1

1.14.2

1.14.3

1.14.4

1.14.5

1.14.6

v1.*

v1.14.0

v1.14.1

v1.14.2

v1.14.3

v1.14.4

v1.14.5

v1.14.6