Network Policy Vulnerability in Cilium by Isovalent

CVE-2024-47825

What is CVE-2024-47825?

A network policy flaw exists in Cilium, impacting certain versions by allowing a broader prefix denial rule to be ignored in specific conditions. When a rule specifies enableDefaultDeny: false or indicates toEntities: all, a more specific rule may override denials. This behavior can lead to unintended access or exposure. The issue is notable in Cilium versions ranging from 1.14.0 to prior to 1.14.16 and 1.15.10. Affected users are advised to modify their policy configurations to eliminate the enableDefaultDeny: false setting or adjust their 'toEntities' specifications for improved security. The vulnerability has been addressed in Cilium releases 1.14.16 and 1.15.10.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References