Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster.

INFO

Published Date :

2024-08-16T14:34:41.560Z

Last Modified :

2024-08-16T14:54:16.632Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42486 vulnerability.

Vendors Products
Cilium
  • Cilium
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42486.

URL Resource
https://github.com/cilium/cilium/commit/ed3dfa0aab8b80f7e841a6d49d2a990ac2dca053 cve-icon cve-icon cve-icon
https://github.com/cilium/cilium/pull/34032 cve-icon cve-icon cve-icon
https://github.com/cilium/cilium/security/advisories/GHSA-vwf8-q6fw-4wcm cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-42486 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-42486 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact