Vulnerability Report: GO-2024-2656

In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted, and traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent unencrypted.

For detailed information about this vulnerability, visit https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36.

Affected Modules

Aliases

References

Credits

  • @jschwinger233, @julianwiedmann, @giorio94, @jrajahalme

Feedback

See anything missing or incorrect? Suggest an edit to this report.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL