漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Potential HTTP policy bypass when using header rules in Cilium
Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
保护机制失效
Vulnerability Title
Cilium 安全漏洞
Vulnerability Description
Cilium是一个开源软件。用于提供和透明地保护应用程序工作负载(如应用程序容器或进程)之间的网络连接和负载平衡。 Cilium存在安全漏洞,该漏洞源于通配符规则将附加到HTTP规则集,这可能会导致绕过HTTP策略。
CVSS Information
N/A
Vulnerability Type
N/A