PT-2024-29984 · Cilium · Cilium

Published: 2024-08-15 · Updated: 2024-09-30 · CVE-2024-42487

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Cilium versions 1.15.0 through 1.15.7
Cilium version 1.16.0
Description

The Gateway API HTTPRoute and GRPCRoute implementation in Cilium does not follow the match precedence required by the Gateway API specification. Affected versions give header matches priority over method matches, whereas the specification requires that a method match take precedence over header matches. The result is that, when a user creates Gateway API resources whose rules route to different backends based on both request headers and request methods, a request satisfying rules of both kinds may be forwarded to the wrong backend. Depending on what the two backends serve, this can expose information that the route configuration was intended to withhold.
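To make the precedence difference concrete, the following is an added Go model of two HTTPRoute rules and of the two tie-breaking orders (the specification's and the one the advisory attributes to affected versions). It is illustrative code written for this page, not Cilium's implementation or the project's test code; the backend names, the `X-Debug` header and the `Route`/`SampleRoute` helpers are assumptions, and all rules are assumed to share the same hostname and path so that only the method and header tie-breakers apply.

```go
package main

import (
	"fmt"
	"sort"
)

// Match is one HTTPRouteMatch together with the backend its rule forwards to.
// Method == "" means "any method"; Headers are exact-value header matches.
// This is an illustrative model, not Cilium's data structure.
type Match struct {
	Backend string
	Method  string
	Headers map[string]string
}

// Request carries the parts of an HTTP request that these matches inspect.
type Request struct {
	Method  string
	Headers map[string]string
}

// Matches reports whether the request satisfies every condition of the match.
func (m Match) Matches(r Request) bool {
	if m.Method != "" && m.Method != r.Method {
		return false
	}
	for name, want := range m.Headers {
		if got, ok := r.Headers[name]; !ok || got != want {
			return false
		}
	}
	return true
}

// SpecPrecedence orders matches as the Gateway API specification requires:
// a method match outranks any number of header matches, and the header
// count only breaks ties between rules that agree on whether a method is set.
func SpecPrecedence(a, b Match) bool {
	if (a.Method != "") != (b.Method != "") {
		return a.Method != ""
	}
	return len(a.Headers) > len(b.Headers)
}

// HeaderFirstPrecedence reproduces the ordering the advisory describes for
// affected versions: the header count is compared before the method.
func HeaderFirstPrecedence(a, b Match) bool {
	if len(a.Headers) != len(b.Headers) {
		return len(a.Headers) > len(b.Headers)
	}
	return a.Method != "" && b.Method == ""
}

// Route returns the backend of the highest-precedence matching rule, or ""
// when no rule matches. more(a, b) reports whether a outranks b.
func Route(r Request, matches []Match, more func(a, b Match) bool) string {
	var candidates []Match
	for _, m := range matches {
		if m.Matches(r) {
			candidates = append(candidates, m)
		}
	}
	if len(candidates) == 0 {
		return ""
	}
	sort.SliceStable(candidates, func(i, j int) bool {
		return more(candidates[i], candidates[j])
	})
	return candidates[0].Backend
}

// SampleRoute is a constructed route: one rule keyed on the method only and
// one keyed on a header only. Backend names are hypothetical.
func SampleRoute() []Match {
	return []Match{
		{Backend: "writes-svc", Method: "DELETE"},
		{Backend: "debug-echo-svc", Headers: map[string]string{"X-Debug": "true"}},
	}
}

func main() {
	// A single request that satisfies both rules; only the ordering decides.
	req := Request{Method: "DELETE", Headers: map[string]string{"X-Debug": "true"}}
	fmt.Println("spec precedence   :", Route(req, SampleRoute(), SpecPrecedence))
	fmt.Println("header-first (bug):", Route(req, SampleRoute(), HeaderFirstPrecedence))
}
```

The same `DELETE` request with `X-Debug: true` lands on `writes-svc` under the specification's ordering and on `debug-echo-svc` under the header-first ordering; a client that controls its own request headers can therefore steer a request between the two backends in an affected deployment, which is the "incorrect backend" outcome the advisory describes. Requests that satisfy only one rule are routed identically under both orderings.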
Recommendations

For Cilium versions 1.15.0 through 1.15.7, update to version 1.15.8. For Cilium version 1.16.0, update to version 1.16.1. No temporary workaround is available, so updating to a fixed version is the recommended course of action.

Related Identifiers

BIT-CILIUM-2024-42487
BIT-CILIUM-OPERATOR-2024-42487
BIT-HUBBLE-RELAY-2024-42487
CVE-2024-42487
GHSA-QCM3-7879-XCWW
GO-2024-3071

Affected Products

Cilium