Veracode Vulnerability Database: VERACODE:48489
History: Aug 19, 2024 - 8:58 a.m.

Sensitive Information Exposure

2024-08-19 08:58:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
cilium
gatewayapi
vulnerability
github
sensitive information exposure
software

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score: 6.5
Confidence: Low

github.com/cilium/cilium is vulnerable to Sensitive Information Exposure. The vulnerability is caused by ReferenceGrant changes not being propagated in Cilium's GatewayAPI controller. As a result, Gateway resources may be able to access secrets for longer than intended, and Routes may be able to forward traffic to backends in other namespaces for longer than intended.
