github.com/cilium/cilium is vulnerable to Information Disclosure. When running in debug mode, the Cilium agent may log secrets. Depending on the configuration of the impacted cluster, this includes TLS private keys for Ingress and GatewayAPI resources. The confidential data would be outputed when the Cilium agent restarted, when the secrets were updated, or when Ingress or GatewayAPI resources were created.
github.com/advisories/GHSA-pg5p-wwp8-97g8
github.com/cilium/cilium/commit/ba4379caf9b4c5f5b59ba3d5796aef0aa0c158a7
github.com/cilium/cilium/commit/f1af75c1abf156b490f17ca0624ab5723411834a
github.com/cilium/cilium/commit/f490339b3df6751483ed4944625ab019d6f4f162
github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8