CVE-2024-28249

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.

Related Vulnerabilities

CVE-2023-30561

MEDIUM
CVSS:6.1(Medium)

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is run...

CWE-3112023

CVE-2024-28250

MEDIUM
CVSS:6.1(Medium)

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled...

CWE-3112024

CVE-2016-10597

MEDIUM
CVSS:5.9(Medium)

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10613

MEDIUM
CVSS:5.9(Medium)

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10630

MEDIUM
CVSS:5.9(Medium)

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2017-16041

MEDIUM
CVSS:5.9(Medium)

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112017