-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Aliases: CVE-2024-28250, GHSA-v6q2-4qr3-5cw6 Fixes #2657 Change-Id: Ia3bd85f146f0ba26a49484d8e1866fe317d9676f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/573695 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Run-TryBot: Tim King <taking@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
- Loading branch information
1 parent
c4ed78b
commit 0221ab8
Showing
2 changed files
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2657", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-28250", | ||
| "GHSA-v6q2-4qr3-5cw6" | ||
| ], | ||
| "summary": "Unencrypted traffic between nodes in github.com/cilium/cilium", | ||
| "details": "In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies: traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes, and traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS proxy and pods on other nodes.", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/cilium/cilium", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "1.14.0" | ||
| }, | ||
| { | ||
| "fixed": "1.14.8" | ||
| }, | ||
| { | ||
| "introduced": "1.15.0" | ||
| }, | ||
| { | ||
| "fixed": "1.15.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "name": "@brb" | ||
| }, | ||
| { | ||
| "name": "@giorio94" | ||
| }, | ||
| { | ||
| "name": "@gandro" | ||
| }, | ||
| { | ||
| "name": "@jschwinger233" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2657" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: GO-2024-2657 | ||
| modules: | ||
| - module: github.com/cilium/cilium | ||
| versions: | ||
| - introduced: 1.14.0 | ||
| fixed: 1.14.8 | ||
| - introduced: 1.15.0 | ||
| fixed: 1.15.2 | ||
| vulnerable_at: 1.15.1 | ||
| summary: Unencrypted traffic between nodes in github.com/cilium/cilium | ||
| description: |- | ||
| In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies: | ||
| traffic that should be WireGuard-encrypted is sent unencrypted between a node's | ||
| Envoy proxy and pods on other nodes, and traffic that should be | ||
| WireGuard-encrypted is sent unencrypted between a node's DNS proxy and pods on | ||
| other nodes. | ||
| cves: | ||
| - CVE-2024-28250 | ||
| ghsas: | ||
| - GHSA-v6q2-4qr3-5cw6 | ||
| credits: | ||
| - '@brb' | ||
| - '@giorio94' | ||
| - '@gandro' | ||
| - '@jschwinger233' | ||
| references: | ||
| - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6 |