Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have an HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2.
References
- Release Notes
- Release Notes
- Release Notes
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:* (version before 1.11.16, exclusive)
- cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:* (version from 1.12.0, inclusive, to 1.12.9, exclusive)
- cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:* (version from 1.13.0, inclusive, to 1.13.2, exclusive)
EPSS
- Score: 0.00113 (Low)
- Percentile: 30%
CVSS3
- 2.6 Low
- 5.3 Medium
Weaknesses
- CWE-693
- NVD-CWE-noinfo
Related vulnerabilities
- debian (CVSS3: 2.6, more than 2 years ago): Cilium is a networking, observability, and security solution with an e ...
- github (CVSS3: 5.3, more than 2 years ago): Potential HTTP policy bypass when using header rules in Cilium