Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cilium | Cilium | >= 1.13.9, < 1.13.13 |
Related Weaknesses (CWE)
References
- https://docs.cilium.io/en/stable/security/policy/language/#httpProduct
- https://github.com/cilium/cilium/releases/tag/v1.13.13Release Notes
- https://github.com/cilium/cilium/releases/tag/v1.14.8Release Notes
- https://github.com/cilium/cilium/releases/tag/v1.15.2Release Notes
- https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85Vendor Advisory
- https://docs.cilium.io/en/stable/security/policy/language/#httpProduct
- https://github.com/cilium/cilium/releases/tag/v1.13.13Release Notes
- https://github.com/cilium/cilium/releases/tag/v1.14.8Release Notes
- https://github.com/cilium/cilium/releases/tag/v1.15.2Release Notes
- https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85Vendor Advisory
FAQ
What is CVE-2024-28248?
CVE-2024-28248 is a vulnerability with a CVSS score of 7.2 (HIGH). Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not ...
How severe is CVE-2024-28248?
CVE-2024-28248 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28248?
Check the references section above for vendor advisories and patch information. Affected products include: Cilium Cilium.