Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. This issue has been patched in Cilium v1.14.14 and v1.15.8 As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 15 Aug 2024 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. This issue has been patched in Cilium v1.14.14 and v1.15.8 As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected. | |
Title | Cilium agent's race condition may lead to policy bypass for Host Firewall policy | |
Weaknesses | CWE-362 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-15T20:36:29.463Z
Updated: 2024-08-19T19:23:37.503Z
Reserved: 2024-08-02T14:13:04.618Z
Link: CVE-2024-42488
Vulnrichment
Updated: 2024-08-19T19:23:31.662Z
NVD
Status : Awaiting Analysis
Published: 2024-08-15T21:15:17.270
Modified: 2024-08-19T13:00:23.117
Link: CVE-2024-42488
Redhat
No data.