Gandro

**Name of the Vulnerable Software and Affected Versions** Cilium versions 1.15.0 through 1.15.15 Cilium versions 1.16.0 through 1.16.8 Cilium versions 1.17.0 through 1.17.2 **Description** Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. **Recommendations** For versions 1.15.0 through 1.15.15, update to version 1.15.16 or later. For versions 1.16.0 through 1.16.8, update to version 1.16.9 or later. For versions 1.17.0 through 1.17.2, update to version 1.17.3 or later.

**Name of the Vulnerable Software and Affected Versions** Cilium versions 1.14 through 1.14.6 **Description** The issue affects Cilium users who are using CRDs to store Cilium state and Wireguard transparent encryption. Traffic to and from the Ingress and health endpoints is not encrypted. This issue does not affect traffic from the Ingress and health endpoints to pods. The health endpoint is only used for Cilium's internal health checks. **Recommendations** For Cilium versions 1.14 through 1.14.6, upgrade to Cilium v1.14.7 to resolve the issue. There is no workaround to this issue, and affected users are encouraged to upgrade to the patched version.