Cilium: Namespaced HTTPRoutes can redirect traffic to other namespaces
13Vexday Risk Score
Sin señal de explotación. Ningún artefacto público de explotación conocido hasta ahora.
ssvc Trackcvss 5.9epss 0.2%
probabilidad de explotación
0.2%top 90% de las CVE
explotación observada
noninguna fuente lo reporta
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Productos afectados
cilium · ciliumReferencias
https://github.com/cilium/cilium/commit/7422068aff67ac77c7dcc57aa5b9240c91333debhttps://github.com/cilium/cilium/commit/e0b1cef513ff910323f3743e9f3e3d86721e4857https://github.com/cilium/cilium/commit/f23929cff682d6ed0dc158070812cb302fc0032bhttps://github.com/cilium/cilium/commit/fd47963ea394d5e8fa4a88c40a79063430c512cahttps://github.com/cilium/cilium/releases/tag/v1.17.17https://github.com/cilium/cilium/releases/tag/v1.18.11https://github.com/cilium/cilium/releases/tag/v1.19.5https://github.com/cilium/cilium/security/advisories/GHSA-w7c2-w76w-5hmj