PT-2024-21050 · Cilium · Cilium
Gandro · Published 2024-02-20 · Updated 2024-12-18 · CVE-2024-25630
CVSS v3.1: 6.1 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cilium versions 1.14 through 1.14.6
Description
The issue affects Cilium users who store Cilium state in CRDs and use WireGuard transparent encryption. Traffic to and from the Ingress and health endpoints is not encrypted. This issue does not affect traffic from the Ingress and health endpoints to pods. The health endpoint is only used for Cilium's internal health checks.
Recommendations
For Cilium versions 1.14 through 1.14.6, upgrade to Cilium v1.14.7 to resolve the issue.
There is no workaround for this issue, and affected users are encouraged to upgrade to the patched version.
Cleartext Transmission of Sensitive Information
Missing Encryption of Sensitive Data
Affected Products
Cilium