Closed
Description
In GitHub Security Advisory GHSA-j89h-qrvr-xc36, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/cilium/cilium | 1.15.2 | >= 1.15.0, < 1.15.2 |
Cross references:
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-c66w-hq56-4q97 #393 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29179 #458 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-wc5v-r48v-g4vh #530 NOT_GO_CODE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pfhr-pccp-hwmh #959 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4hc4-pgfx-3mrx #1642 NOT_GO_CODE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-8fg8-jh2h-f2hc #1643 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-r5x6-w42p-jhpp #1644 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-2h44-x2wx-49f4 #1785 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-gj2r-phwg-6rww #2078 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-24m5-r6hv-ccgp #2079 EFFECTIVELY_PRIVATE
- Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4xp2-w642-7mcx #2080 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/cilium/cilium
versions:
- introduced: 1.15.0
fixed: 1.15.2
vulnerable_at: 1.15.1
packages:
- package: github.com/cilium/cilium
- module: github.com/cilium/cilium
versions:
- introduced: 1.14.0
fixed: 1.14.8
vulnerable_at: 1.14.7
packages:
- package: github.com/cilium/cilium
- module: github.com/cilium/cilium
versions:
- fixed: 1.13.13
vulnerable_at: 1.13.12
packages:
- package: github.com/cilium/cilium
summary: Unencrypted traffic between nodes when using IPsec and L7 policies
cves:
- CVE-2024-28249
ghsas:
- GHSA-j89h-qrvr-xc36
references:
- advisory: https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
- advisory: https://github.com/advisories/GHSA-j89h-qrvr-xc36
Metadata
Metadata
Assignees
Labels
No labels