CVE-2024-25631
Severity CVSS v4.0:
Pending analysis
Type:
CWE-311
Missing Encryption of Sensitive Data
Publication date:
20/02/2024
Last modified:
18/12/2024
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:* | 1.14.0 (including) | 1.14.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore
- https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg
- https://github.com/cilium/cilium/releases/tag/v1.14.7
- https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4
- https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore
- https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg
- https://github.com/cilium/cilium/releases/tag/v1.14.7
- https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4