Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium
Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
对异常条件的处理不恰当
Vulnerability Title
Cilium 安全漏洞
Vulnerability Description
Cilium是Cilium开源的一个开源软件。用于提供和透明地保护应用程序工作负载(如应用程序容器或进程)之间的网络连接和负载平衡。 Cilium存在安全漏洞,该漏洞源于在某些情况下第 7 层策略选择的流量不会发生第 7 层强制执行。
CVSS Information
N/A
Vulnerability Type
N/A