CVE-2024-25631
Unencrypted traffic between pods when using Wireguard and an external kvstore
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
Cilium es una solución de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Para los usuarios de Cilium que han habilitado un kvstore externo y el cifrado transparente Wireguard, el tráfico entre pods en el clúster afectado no está cifrado. Este problema afecta a Cilium v1.14 anterior a v1.14.7 y se ha solucionado en Cilium v1.14.7. No existe ningún workaround para este problema.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-02-08 CVE Reserved
- 2024-02-20 CVE Published
- 2024-08-26 CVE Updated
- 2024-12-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-311: Missing Encryption of Sensitive Data
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore | X_refsource_misc | |
| https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg | X_refsource_misc | |
| https://github.com/cilium/cilium/releases/tag/v1.14.7 | X_refsource_misc | |
| https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|