PT-2024-21051 · Cilium · Cilium
Published 2024-02-20 · Updated 2024-12-18 · CVE-2024-25631
CVSS v3.1: 6.1 (Medium)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cilium versions 1.14 through 1.14.6
Description
The issue affects Cilium users who have enabled both an external kvstore and WireGuard transparent encryption. In the affected cluster, traffic between pods is sent unencrypted.
Recommendations
For Cilium versions 1.14 through 1.14.6, upgrade to Cilium v1.14.7 to resolve the issue.
There is no workaround for this issue, and affected users are encouraged to upgrade.
Exploit
Fix
Cleartext Transmission of Sensitive Information
Missing Encryption of Sensitive Data
Related Identifiers
Affected Products
Cilium