chainguard/cilium-1.15

Vulnerabilities (58)

• CVE-2024-24791HigJul 2, 2024
  affected < 1.15.6-r1fixed 1.15.6-r1

  The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co

• CVE-2024-37307Jun 13, 2024
  affected < 1.15.6-r0fixed 1.15.6-r0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag se

• CVE-2024-24789Jun 5, 2024
  affected < 1.15.5-r1fixed 1.15.5-r1

  The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac

• CVE-2024-24790Jun 5, 2024
  affected < 1.15.5-r1fixed 1.15.5-r1

  The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

• CVE-2023-45288HigApr 4, 2024
  affected < 1.15.5-r0fixed 1.15.5-r0

  An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma

• CVE-2024-28249Mar 18, 2024
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on o

• CVE-2024-28180Mar 9, 2024
  affected < 1.15.2-r0fixed 1.15.2-r0

  Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret

• CVE-2024-24786HigMar 5, 2024
  affected < 1.15.2-r0fixed 1.15.2-r0

  The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

• CVE-2024-25631Feb 20, 2024
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 be

• CVE-2024-25630Feb 20, 2024
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted

• CVE-2023-41332Sep 26, 2023
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibilit

• CVE-2023-41333Sep 26, 2023
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy en

• CVE-2023-39347Sep 26, 2023
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-pr

• CVE-2023-30851May 25, 2023
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wi

• CVE-2023-27594Mar 17, 2023
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from

• CVE-2023-27593Mar 17, 2023
  affected < 0fixed 0

  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By rep

• CVE-2022-29179May 20, 2022
  affected < 0fixed 0

  Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cili

• CVE-2022-29178May 20, 2022
  affected < 0fixed 0

  Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to