6.1 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Cilium is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to missing encryption in IPsec-eligible traffic between a node’s Envoy proxy/DNS proxy and pods on other nodes, when traffic matches Layer 7 policies. This issue can expose sensitive data as it travels between nodes within the cluster.
github.com/cilium/cilium/commit/298fa336e6930a513b7d0535855a4a2a2443201d
github.com/cilium/cilium/commit/8bcd7caa00e714df38bbd12f795cb51bd0c61432
github.com/cilium/cilium/releases/tag/v1.13.13
github.com/cilium/cilium/releases/tag/v1.14.8
github.com/cilium/cilium/releases/tag/v1.15.2
github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
6.1 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%