apk package
chainguard/cilium-fips-1.14-operator-generic
pkg:apk/chainguard/cilium-fips-1.14-operator-generic
Vulnerabilities (48)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-41333 | — | | | < 1.14.19-r24 | 1.14.19-r24 | Sep 26, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy en |
| CVE-2023-39347 | — | | | < 1.14.19-r24 | 1.14.19-r24 | Sep 26, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-pr |
| CVE-2023-30851 | — | | | < 1.14.19-r24 | 1.14.19-r24 | May 25, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wi |
| CVE-2023-27594 | — | | | < 1.14.19-r24 | 1.14.19-r24 | Mar 17, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from |
| CVE-2023-27593 | — | | | < 1.14.19-r24 | 1.14.19-r24 | Mar 17, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By rep |
| CVE-2022-29179 | — | | | < 1.14.19-r24 | 1.14.19-r24 | May 20, 2022 | Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cili |
| CVE-2022-29178 | — | | | < 1.14.19-r24 | 1.14.19-r24 | May 20, 2022 | Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to |
| CVE-2020-8559 | — | | | < 1.14.19-r24 | 1.14.19-r24 | Jul 22, 2020 | The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. |