Unencrypted Traffic in Cilium Clusters with IPsec Enabled
CVE-2024-28249

6.1 MEDIUM

Key Information:

Vendor:
Cilium

Status:
Vendor

CVE Published:
18 March 2024

What is CVE-2024-28249?

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes, and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes, is sent unencrypted. In practice, any flow that an L7 policy (for example an HTTP or DNS rule) redirects through one of these proxies loses the node-to-node encryption that IPsec is expected to provide for it, while flows handled purely in the eBPF datapath remain encrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue; the only remediation is to upgrade to a fixed release.
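As an added check for operators (example code written for this page, not part of the advisory or of Cilium's own code), the following Python does two things: it classifies a Cilium version string against the affected ranges listed in this advisory, and it triages `tcpdump -n` output captured on a node's egress interface for packets addressed to pods on other nodes that are not ESP, which is what the unencrypted proxy traffic looks like on the wire. The capture lines, the remote pod CIDR 10.244.2.0/24, the node addresses 192.0.2.x and all function names are constructed for the example.

```python
"""Added example for CVE-2024-28249 (not Cilium project code).

Two checks a cluster operator can run:
  1. is_affected(): compare a Cilium version string with the affected ranges
     listed in the advisory (< 1.13.13, 1.14.0..1.14.7, 1.15.0..1.15.1).
  2. find_plaintext(): scan `tcpdump -n` lines captured on a node's egress
     interface and report non-ESP packets addressed to pods on other nodes,
     which with IPsec enabled should never appear.
"""
import ipaddress
import re

# (lower bound inclusive or None, upper bound exclusive), as the advisory lists them.
AFFECTED_RANGES = [
    (None, (1, 13, 13)),
    ((1, 14, 0), (1, 14, 8)),
    ((1, 15, 0), (1, 15, 2)),
]

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")
# tcpdump -n prints "IP <src>[.<port>] > <dst>[.<port>]: <payload summary>".
_TCPDUMP_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (.*)"
)


def parse_version(text):
    """Return the first x.y.z triple found in a tag or in `cilium version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(text):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(text)
    return any((lo is None or v >= lo) and v < hi for lo, hi in AFFECTED_RANGES)


def find_plaintext(lines, remote_pod_cidrs):
    """Return (src, dst, summary) for packets to remote pods that are not ESP.

    With IPsec working, pod-to-remote-pod traffic leaves the node only inside
    ESP between node addresses, so a packet whose destination is a remote pod
    IP and which is not ESP is a cleartext leak.
    """
    nets = [ipaddress.ip_network(c) for c in remote_pod_cidrs]
    leaks = []
    for line in lines:
        m = _TCPDUMP_RE.search(line)
        if not m:
            continue
        src, dst, summary = m.groups()
        if summary.startswith("ESP("):
            continue
        if any(ipaddress.ip_address(dst) in n for n in nets):
            leaks.append((src, dst, summary))
    return leaks


# Constructed sample capture: two ESP packets between node IPs (expected) and
# two cleartext packets from a local pod IP to a pod on another node (the leak).
SAMPLE_CAPTURE = """\
10:00:00.000001 IP 192.0.2.10 > 192.0.2.11: ESP(spi=0x00000003,seq=0x1a), length 132
10:00:00.000002 IP 10.244.1.5.41234 > 10.244.2.9.8080: Flags [P.], seq 1:60, ack 1, win 502, length 59
10:00:00.000003 IP 192.0.2.10 > 192.0.2.11: ESP(spi=0x00000003,seq=0x1b), length 88
10:00:00.000004 IP 10.244.1.5.53 > 10.244.2.9.45012: 31173 1/0/0 A 10.96.0.10 (44)
"""

if __name__ == "__main__":
    for tag in ("v1.13.12", "1.14.8", "1.15.1"):
        print(tag, "affected" if is_affected(tag) else "fixed")
    for src, dst, summary in find_plaintext(SAMPLE_CAPTURE.splitlines(), ["10.244.2.0/24"]):
        print(f"cleartext {src} -> {dst}: {summary[:40]}")
```

On a real cluster the version string comes from `cilium version` (or the agent image tag), and the capture lines from something like `tcpdump -ni <egress-interface> net <remote-pod-cidr>` run on the node that hosts the proxy; the interface name and pod CIDR are deployment-specific assumptions here, and a non-empty result from the capture triage is the direct evidence of this issue on a still-unpatched node.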

Affected Version(s)

cilium < 1.13.13 (fixed in 1.13.13)

cilium >= 1.14.0, < 1.14.8 (fixed in 1.14.8)

cilium >= 1.15.0, < 1.15.2 (fixed in 1.15.2)

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
