Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/cilium/cilium

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/cilium/cilium in go

Moderate
about 1 month ago

Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic GSA_kwCzR0hTQS0zOHBwLTZnY3AtcnF2bc4ABPEe

go github.com/cilium/cilium, Ciliumgithub.com/cilium/cilium
Moderate
9 months ago

In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters GSA_kwCzR0hTQS01dnh4LWMyODUtcGNxNM4ABHEM

go github.com/cilium/cilium
Low
10 months ago

Cilium node based network policies may incorrectly allow workload traffic GSA_kwCzR0hTQS1jNnBmLTJ2OGotOTZtY84ABF1M

go Ciliumgithub.com/cilium/cilium, github.com/cilium/cilium
Low
10 months ago

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers GSA_kwCzR0hTQS0yNHFwLTR4eDgtM2p2as4ABF1K

go github.com/cilium/cilium
Moderate
12 months ago

Cilium has an information leakage via insecure default Hubble UI CORS header GSA_kwCzR0hTQS1oNzhtLWo5NW0tNTM1Ns4ABDuM

go github.com/cilium/cilium
Moderate
12 months ago

DoS in Cilium agent DNS proxy from crafted DNS responses GSA_kwCzR0hTQS05bTVwLWM3N2MtZjlqN84ABDuL

go github.com/cilium/cilium
Moderate
about 1 year ago

Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges GSA_kwCzR0hTQS14ZzU4LTc1cWYtOXI2N84ABBvd

go github.com/cilium/cilium
Moderate
about 1 year ago

Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present GSA_kwCzR0hTQS0zd3d4LTYzZnYtcGZxNs4ABAhN

go github.com/cilium/cilium
Moderate
over 1 year ago

Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API GSA_kwCzR0hTQS12d2Y4LXE2ZnctNHdjbc4AA-ts

go github.com/cilium/cilium
Moderate
over 1 year ago

Gateway API route matching order contradicts specification GSA_kwCzR0hTQS1xY20zLTc4NzkteGN3d84AA-su

go github.com/cilium/cilium
Moderate
over 1 year ago

Policy bypass for Host Firewall policy due to race condition in Cilium agent GSA_kwCzR0hTQS1xN3c4LTcybXItdnBnd84AA-st

go github.com/cilium/cilium
High
over 1 year ago

Cilium leaks sensitive information in cilium-bugtool GSA_kwCzR0hTQS13aDc4LTc5NDgtMzU4as4AA9DL

go github.com/cilium/cilium
High
almost 2 years ago

Cilium has insecure IPsec transport encryption GSA_kwCzR0hTQS1wd3FtLXg1eDYtNTU4Ns4AA6au

go github.com/cilium/cilium
Moderate
almost 2 years ago

Unencrypted traffic between nodes when using WireGuard and L7 policies GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm

go github.com/cilium/cilium
Moderate
almost 2 years ago

Unencrypted traffic between nodes when using IPsec and L7 policies GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl

go github.com/cilium/cilium
High
almost 2 years ago

Intermittent HTTP policy bypass GSA_kwCzR0hTQS02OG1qLTlwanEtbWM4Nc4AA6Gk

go github.com/cilium/cilium
Moderate
almost 2 years ago

Unencrypted traffic between pods when using Wireguard and an external kvstore GSA_kwCzR0hTQS14OTg5LTUyZmMtNHZyNM4AA5Zr

go github.com/cilium/cilium
Moderate
almost 2 years ago

Unencrypted ingress/health traffic when using Wireguard transparent encryption GSA_kwCzR0hTQS03NDk2LWZndjkteHc4Ms4AA5Zq

go github.com/cilium/cilium
Moderate
over 2 years ago

Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy GSA_kwCzR0hTQS00eHAyLXc2NDItN21jeM4AA2C6

go github.com/cilium/cilium
Low
over 2 years ago

Specific Cilium configurations vulnerable to DoS via Kubernetes annotations GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5

go github.com/cilium/cilium
Moderate
over 2 years ago

Kubernetes users may update Pod labels to bypass network policy GSA_kwCzR0hTQS1najJyLXBod2ctNnJ3d84AA2C0

go github.com/cilium/cilium
Low
over 2 years ago

Cilium vulnerable to information leakage via incorrect ReferenceGrant handling GSA_kwCzR0hTQS1yN3dyLTR3NXEtNTVtNs4AAz51

go github.com/cilium/cilium
Moderate
over 2 years ago

Potential HTTP policy bypass when using header rules in Cilium GSA_kwCzR0hTQS0yaDQ0LXgyd3gtNDlmNM4AAzbE

go github.com/cilium/cilium
High
over 2 years ago

Debug mode leaks confidential data in Cilium GSA_kwCzR0hTQS1wZzVwLXd3cDgtOTdnOM4AAy3v

go github.com/cilium/cilium
Moderate
almost 3 years ago

Cilium eBPF filters may be temporarily removed during agent restart GSA_kwCzR0hTQS1yNXg2LXc0MnAtamhwcM4AAyLF

go github.com/cilium/cilium
Moderate
almost 3 years ago

Potential network policy bypass when routing IPv6 traffic GSA_kwCzR0hTQS04Zmc4LWpoMmgtZjJoY84AAyLE

go github.com/cilium/cilium
Moderate
almost 3 years ago

cilium-agent container can access the host via `hostPath` mount GSA_kwCzR0hTQS00aGM0LXBnZngtM21yeM4AAyLD

go github.com/cilium/cilium
Moderate
over 3 years ago

Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels GSA_kwCzR0hTQS1wZmhyLXBjY3AtaHdtaM4AAuix

go github.com/cilium/cilium
Low
over 3 years ago

Cilium host policy bypass in endpoint-routes mode with dual-stack GSA_kwCzR0hTQS13YzV2LXI0OHYtZzR2aM4AAtaF

go github.com/cilium/cilium
High
over 3 years ago

Improper Privilege Management in Cilium GSA_kwCzR0hTQS1mbXJmLWd2anAtNWo1Z84AAqwg

go github.com/cilium/cilium
High
over 3 years ago

Access to Unix domain socket can lead to privileges escalation in Cilium GSA_kwCzR0hTQS02cDh2LThjcTgtdjJyM84AAqwf

go github.com/cilium/cilium
Low
over 4 years ago

Network policy may be bypassed by some ICMP Echo Requests MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2NnctaHE1Ni00cTk3

go github.com/cilium/cilium

Filter by Severity

Moderate 20 Low 6 High 6