Vulnerability Information
Vulnerability Title
Debug mode leaks confidential data in Cilium
Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
Information exposure through log files
Vulnerability Title
Cilium log information disclosure vulnerability
Vulnerability Description
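Cilium is open-source software used to provide and transparently secure network connectivity and load balancing between application workloads (such as application containers or processes). Cilium has a log information disclosure vulnerability, which arises because Cilium logs sensitive information when run in debug mode. Affected products and versions: Cilium 1.7, 1.8, 1.9, 1.10, 1.11.15 and earlier, 1.12.8 and earlier, and 1.13.1 and earlier.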
CVSS Information
N/A
Vulnerability Type
N/A