Unencrypted traffic between pods when using Wireguard and an external kvstore
CVE-2024-25631

5.3MEDIUM

Key Information:

Vendor: Cilium
Status: Cilium
Vendor: CVE Published:; 20 February 2024

🔔 Create Cilium Vulnerability Alert

What is CVE-2024-25631?

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.

Affected Version(s)

cilium < 1.14.7

References

https://github.com/cilium/cilium/security/advisories/GHSA...

x_refsource_CONFIRM

https://docs.cilium.io/en/stable/installation/k8s-install...

x_refsource_MISC

https://docs.cilium.io/en/stable/security/network/encrypt...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Feb 8, 2024

.

CVE-2024-25631 : Unencrypted traffic between pods when using Wireguard and an external kvstore