CVE-2024-52529

{"id": "CVE-2024-52529", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-11-25T19:15:11.373", "references": [{"url": "https://github.com/cilium/cilium/pull/35150", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic."}, {"lang": "es", "value": "Cilium es una soluci\u00f3n de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Para los usuarios con la siguiente configuraci\u00f3n: 1. Una pol\u00edtica de permiso que selecciona un destino de Capa 3 y un rango de puertos `AND` 2. Una pol\u00edtica de permiso de Capa 7 que selecciona un puerto espec\u00edfico dentro del rango de la primera pol\u00edtica, la aplicaci\u00f3n de Capa 7 no se producir\u00eda para el tr\u00e1fico seleccionado por la pol\u00edtica de Capa 7. Este problema solo afecta a los usuarios que utilizan la funcionalidad de rango de puertos de Cilium, que se introdujo en Cilium v1.16. Este problema est\u00e1 corregido en PR #35150. Este problema afecta a Cilium v1.16 entre v1.16.0 y v1.16.3 inclusive. Este problema est\u00e1 corregido en Cilium v1.16.4. Se recomienda a los usuarios que actualicen. Los usuarios con pol\u00edticas de red que coincidan con el patr\u00f3n descrito anteriormente pueden solucionar el problema reescribiendo cualquier pol\u00edtica que utilice rangos de puertos para especificar individualmente los puertos permitidos para el tr\u00e1fico."}], "lastModified": "2025-09-03T17:18:14.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BFDF1F0-34D0-40D4-8E60-C6FF295CD5A4", "versionEndExcluding": "1.16.4", "versionStartIncluding": "1.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}