CVE-2024-25631

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25631
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore Product
https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg Product
https://github.com/cilium/cilium/releases/tag/v1.14.7 Release Notes
https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 Vendor Advisory
https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore Product
https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg Product
https://github.com/cilium/cilium/releases/tag/v1.14.7 Release Notes
https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*
History

18 Dec 2024, 17:17

Type Values Removed Values Added
References () https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore - () https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore - Product
References () https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg - () https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg - Product
References () https://github.com/cilium/cilium/releases/tag/v1.14.7 - () https://github.com/cilium/cilium/releases/tag/v1.14.7 - Release Notes
References () https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 - () https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 - Vendor Advisory
First Time Cilium cilium
Cilium
CWE CWE-319
CPE cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*

21 Nov 2024, 09:01

Type Values Removed Values Added
Summary
  • (es) Cilium es una solución de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Para los usuarios de Cilium que han habilitado un kvstore externo y el cifrado transparente Wireguard, el tráfico entre pods en el clúster afectado no está cifrado. Este problema afecta a Cilium v1.14 anterior a v1.14.7 y se ha solucionado en Cilium v1.14.7. No existe ningún workaround para este problema.
References () https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore - () https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore -
References () https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg - () https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg -
References () https://github.com/cilium/cilium/releases/tag/v1.14.7 - () https://github.com/cilium/cilium/releases/tag/v1.14.7 -
References () https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 - () https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 -

20 Feb 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-20 18:15

Updated : 2024-12-18 17:17

NVD link : CVE-2024-25631

Mitre link : CVE-2024-25631

CVE.ORG link : CVE-2024-25631

JSON object : View

Products Affected

cilium

  • cilium
CWE
CWE-311

Missing Encryption of Sensitive Data

CWE-319

Cleartext Transmission of Sensitive Information