CVE-2024-28249 Information

Description

Cilium is a networking observability and security solution with an eBPF-based dataplane. Prior to versions 1.13.13 1.14.8 and 1.15.2 in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies IPsec-eligible traffic between a node’s Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node’s DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2 1.14.8 and 1.13.13. There is no known workaround for this issue.

Reference

https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36 https://github.com/cilium/cilium/releases/tag/v1.13.13 https://github.com/cilium/cilium/releases/tag/v1.14.8 https://github.com/cilium/cilium/releases/tag/v1.15.2