Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched. This could result in unexpected behaviour with security This issue is fixed in Cilium v1.15.8 and v1.16.1. There is no workaround for this issue.

INFO

Published Date :

2024-08-15T20:26:53.455Z

Last Modified :

2024-08-15T20:46:34.910Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42487 vulnerability.

Vendors Products
Cilium
  • Cilium
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42487.

URL Resource
https://github.com/cilium/cilium/commit/a3510fe4a92305822aa1a5e08cb6d6c873c8699a cve-icon cve-icon
https://github.com/cilium/cilium/pull/34109 cve-icon cve-icon
https://github.com/cilium/cilium/security/advisories/GHSA-qcm3-7879-xcww cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact