Exploit Report

Computer Security And Bug Information

CVE-2023-27594

CVECVE-2023-27594
CVE Title
Published Date2023-03-17T20:15Z
Modified Date2023-03-24T16:33Z
CWE TypeCWE-863
CVSS 3.xCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
DescriptionCilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/cilium/cilium/releases/tag/v1.13.1
Reference DescriptionMISC https://github.com/cilium/cilium/releases/tag/v1.13.1
Reference URLhttps://github.com/cilium/cilium/releases/tag/v1.11.15
Reference DescriptionMISC https://github.com/cilium/cilium/releases/tag/v1.11.15
Reference URLhttps://github.com/cilium/cilium/releases/tag/v1.12.8
Reference DescriptionMISC https://github.com/cilium/cilium/releases/tag/v1.12.8
Reference URLhttps://github.com/cilium/cilium/security/advisories/GHSA-8fg8-jh2h-f2hc
Reference DescriptionMISC https://github.com/cilium/cilium/security/advisories/GHSA-8fg8-jh2h-f2hc
TagsThird Party Advisory
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles