apk package
chainguard/hubble-fips-compat
pkg:apk/chainguard/hubble-fips-compat
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-25631 | — | < 0.13.0-r0 | 0.13.0-r0 | Feb 20, 2024 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 be | ||
| CVE-2024-25630 | — | < 0.13.0-r0 | 0.13.0-r0 | Feb 20, 2024 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted | ||
| CVE-2020-8559 | — | < 1.17.1-r2 | 1.17.1-r2 | Jul 22, 2020 | The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. |
- CVE-2024-25631Feb 20, 2024affected < 0.13.0-r0fixed 0.13.0-r0
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 be
- CVE-2024-25630Feb 20, 2024affected < 0.13.0-r0fixed 0.13.0-r0
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted
- CVE-2020-8559Jul 22, 2020affected < 1.17.1-r2fixed 1.17.1-r2
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Page 2 of 2