Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of service via Kubernetes annotations in specific Cilium configurations
Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users unable to upgrade can avoid this denial of service attack by enabling the Layer 7 proxy.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
对异常条件的处理不恰当
Vulnerability Title
Cilium 安全漏洞
Vulnerability Description
Cilium是一个开源软件。用于提供和透明地保护应用程序工作负载(如应用程序容器或进程)之间的网络连接和负载平衡。 Cilium存在安全漏洞,该漏洞源于允许攻击者通过特定配置中的Kubernetes注释进行拒绝服务(DoS)攻击。受影响的产品和版本:Cilium 1.14.1及之前版本,1.12.13及之前版本,1.13.6及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A