Moderate severityNVD Advisory· Published May 25, 2023· Updated Jan 16, 2025
Potential HTTP policy bypass when using header rules in Cilium
CVE-2023-30851
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/cilium/ciliumGo | < 1.11.16 | 1.11.16 |
github.com/cilium/ciliumGo | >= 1.12.0, < 1.12.9 | 1.12.9 |
github.com/cilium/ciliumGo | >= 1.13.0, < 1.13.2 | 1.13.2 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-2h44-x2wx-49f4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-30851ghsaADVISORY
- github.com/cilium/cilium/releases/tag/v1.11.16ghsax_refsource_MISCWEB
- github.com/cilium/cilium/releases/tag/v1.12.9ghsax_refsource_MISCWEB
- github.com/cilium/cilium/releases/tag/v1.13.2ghsax_refsource_MISCWEB
- github.com/cilium/cilium/security/advisories/GHSA-2h44-x2wx-49f4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.