CVE-2023-29002

CVSS v3 Score: 6.3 (Medium)

Vulnerability Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.

CVSS:6.3(Medium)

A logic flaw exists in Ansible Automation Platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credent...

CVSS:6.3(Medium)

An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive info...

CVSS:6.3(Medium)

Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails sent to the system administrator. This issue affects: * OTR...

CVSS:6.2(Medium)

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.

CVSS:6.2(Medium)

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.

CVSS:6.2(Medium)

IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.