CVE-2024-47825

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47825
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47825.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47825
Aliases
Related
Published
2024-10-21T19:15:03Z
Modified
2025-01-08T16:21:04.189312Z
Severity
  • 8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix (CIDRSet or toFQDN) and this narrower policy rule specifies either enableDefaultDeny: false or - toEntities: all. Note that a rule specifying toEntities: world or toEntities: 0.0.0.0/0 is insufficient, it must be to entity all.This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using enableDefaultDeny: false or that set toEntities to all, some workarounds are available. For users with policies using enableDefaultDeny: false, remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify toEntities: all, use toEntities: world.

References

Affected packages

Git / github.com/cilium/cilium

Affected ranges

Type
GIT
Repo
https://github.com/cilium/cilium
Events
Introduced
b5013e1562dbfe442dd2011a5af46de9095315ff
Fixed
c2fcf1db31b1b408662471cbe1fddd121bd9678a

Affected versions

1.*

1.14.0
1.14.1
1.14.10
1.14.11
1.14.12
1.14.13
1.14.14
1.14.15
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.14.7
1.14.8
1.14.9

v1.*

v1.14.0
v1.14.1
v1.14.10
v1.14.11
v1.14.12
v1.14.13
v1.14.14
v1.14.15
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9