CVE-2024-28248

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-28248

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28248.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-28248

Aliases

Related

Published

2024-03-18T22:15:08Z

Modified

2025-01-15T05:12:02.180399Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/cilium/cilium

Affected ranges

Type: GIT
Repo: https://github.com/cilium/cilium
Events: Introduced

cde7f964cdb594539aa737716f0c63f84e944097

Fixed

ca1af73ffe025e2ebdb6c8cd5b2cfb1909cb3b06

Affected versions

1.*

1.13.10

1.13.11

1.13.12

1.13.9

v1.*

v1.13.10

v1.13.11

v1.13.12

v1.13.9