PT-2023-23007 · Cilium · Cilium

Published 2023-05-22 · Updated 2024-08-20 · CVE-2023-30851

CVSS v3.1: 2.6 (Low)

Vector: AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cilium versions prior to 1.11.16
Cilium versions prior to 1.12.9
Cilium versions prior to 1.13.2

Description

This issue impacts users who have an HTTP policy that applies to multiple toEndpoints and have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies.

Recommendations

For Cilium versions prior to 1.11.16, update to version 1.11.16 or later.
For Cilium versions prior to 1.12.9, update to version 1.12.9 or later.
For Cilium versions prior to 1.13.2, update to version 1.13.2 or later.

As a temporary workaround, consider rewriting HTTP rules for each endpoint separately to prevent the bypass of HTTP policies.
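
As an added example (not from the advisory or the Cilium project), the script below lists CiliumNetworkPolicy egress rules that attach HTTP rules to more than one toEndpoints selector, which are the rules the workaround says to rewrite per endpoint. It assumes input in the shape of `kubectl get cnp -A -o json`; the function names and sample policies are constructed, and it does not check whether an allow-all rule is also present.

```python
# Constructed sample in the shape of `kubectl get cnp -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "multi-endpoint-http"},
     "spec": {"endpointSelector": {"matchLabels": {"app": "client"}},
              "egress": [{
                  "toEndpoints": [{"matchLabels": {"app": "svc-a"}},
                                  {"matchLabels": {"app": "svc-b"}}],
                  "toPorts": [{"ports": [{"port": "80", "protocol": "TCP"}],
                               "rules": {"http": [{"method": "GET", "path": "/public"}]}}]}]}},
    {"metadata": {"namespace": "default", "name": "single-endpoint-http"},
     "spec": {"endpointSelector": {"matchLabels": {"app": "client"}},
              "egress": [{
                  "toEndpoints": [{"matchLabels": {"app": "svc-a"}}],
                  "toPorts": [{"ports": [{"port": "80", "protocol": "TCP"}],
                               "rules": {"http": [{"method": "GET", "path": "/public"}]}}]}]}},
    {"metadata": {"namespace": "prod", "name": "multi-endpoint-l4-only"},
     "specs": [{"egress": [{
         "toEndpoints": [{"matchLabels": {"app": "db"}},
                         {"matchLabels": {"app": "cache"}}],
         "toPorts": [{"ports": [{"port": "5432", "protocol": "TCP"}]}]}]}]},
]}

def http_rules(rule):
    """Collect the HTTP (L7) rule entries attached to one egress rule."""
    found = []
    for to_port in rule.get("toPorts") or []:
        found.extend((to_port.get("rules") or {}).get("http") or [])
    return found

def workaround_candidates(cnp_list):
    """Return (namespace, name, egress index, selector count) for each egress
    rule whose HTTP rules apply to more than one toEndpoints selector."""
    findings = []
    for item in cnp_list.get("items", []):
        meta = item.get("metadata", {})
        # A CiliumNetworkPolicy carries its rules in `spec` and/or a `specs` list.
        specs = ([item["spec"]] if item.get("spec") else []) + (item.get("specs") or [])
        for spec in specs:
            for idx, rule in enumerate(spec.get("egress") or []):
                selectors = rule.get("toEndpoints") or []
                if len(selectors) > 1 and http_rules(rule):
                    findings.append((meta.get("namespace", ""), meta.get("name", ""),
                                     idx, len(selectors)))
    return findings

if __name__ == "__main__":
    for ns, name, idx, count in workaround_candidates(SAMPLE):
        print(f"{ns}/{name}: egress[{idx}] applies HTTP rules to {count} toEndpoints selectors")
```

A flagged rule is only a candidate for the per-endpoint rewrite; upgrading to a fixed version remains the recommended remediation.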

Weakness Enumeration

Protection Mechanism Failure

Related identifiers

BIT-CILIUM-2023-30851
BIT-CILIUM-OPERATOR-2023-30851
BIT-CILIUM-PROXY-2023-30851
BIT-HUBBLE-2023-30851
BIT-HUBBLE-RELAY-2023-30851
BIT-HUBBLE-UI-2023-30851
BIT-HUBBLE-UI-BACKEND-2023-30851
CVE-2023-30851
GHSA-2H44-X2WX-49F4
GO-2023-1785

Affected products

Cilium