PT-2023-23007 · Cilium · Cilium

Published

2023-05-22

·

Updated

2024-08-20

·

CVE-2023-30851

CVSS v3.1

2.6

Low

Vector

AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Cilium versions prior to 1.11.16
Cilium versions prior to 1.12.9
Cilium versions prior to 1.13.2
Description

This issue impacts users who have an HTTP policy that applies to multiple toEndpoints together with an allow-all rule that affects only one of those endpoints. In such cases, a wildcard rule is appended to the set of HTTP rules, which could cause a bypass of the HTTP policies intended for the other endpoints.
Recommendations

For Cilium versions prior to 1.11.16, update to version 1.11.16 or later. For Cilium versions prior to 1.12.9, update to version 1.12.9 or later. For Cilium versions prior to 1.13.2, update to version 1.13.2 or later. As a temporary workaround, consider rewriting HTTP rules for each endpoint separately to prevent the bypass of HTTP policies.
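As an added illustration, not taken from the advisory or from the Cilium project, the first CiliumNetworkPolicy below has the shape the description names (one HTTP rule set covering two toEndpoints, plus an allow-all HTTP rule for just one of them), and the second shows the per-endpoint rewrite the recommendation suggests; the namespace, labels, port and paths are constructed.

```yaml
# Shape named in the description: one HTTP rule set covers two endpoints,
# and a second rule allows all HTTP to just one of them.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata: {name: frontend-egress-shared, namespace: shop}
spec:
  endpointSelector: {matchLabels: {app: frontend}}
  egress:
    - toEndpoints:
        - {matchLabels: {app: catalog}}
        - {matchLabels: {app: orders}}
      toPorts:
        - ports: [{port: "80", protocol: TCP}]
          rules:
            http:
              - {method: GET, path: "/public/.*"}
    - toEndpoints:
        - {matchLabels: {app: catalog}}
      toPorts:
        - ports: [{port: "80", protocol: TCP}]
          rules:
            http:
              - {}   # empty rule = allow any HTTP request; meant for catalog only
---
# Workaround from the recommendation: write the HTTP rules for each
# endpoint separately so that no rule set spans both destinations.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata: {name: frontend-egress-per-endpoint, namespace: shop}
spec:
  endpointSelector: {matchLabels: {app: frontend}}
  egress:
    - toEndpoints:
        - {matchLabels: {app: catalog}}
      toPorts:
        - ports: [{port: "80", protocol: TCP}]
          rules:
            http:
              - {}   # catalog: allow all HTTP
    - toEndpoints:
        - {matchLabels: {app: orders}}
      toPorts:
        - ports: [{port: "80", protocol: TCP}]
          rules:
            http:
              - {method: GET, path: "/public/.*"}   # orders: GET /public only
```

Upgrading to a fixed release remains the actual remediation; the second policy only keeps the allow-all rule from sharing an HTTP rule set with the restricted endpoint.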

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

BIT-CILIUM-2023-30851
BIT-CILIUM-OPERATOR-2023-30851
BIT-CILIUM-PROXY-2023-30851
BIT-HUBBLE-2023-30851
BIT-HUBBLE-RELAY-2023-30851
BIT-HUBBLE-UI-2023-30851
BIT-HUBBLE-UI-BACKEND-2023-30851
CVE-2023-30851
GHSA-2H44-X2WX-49F4
GO-2023-1785

Affected Products

Cilium