Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-27594 #1648

Closed
GoVulnBot opened this issue Mar 17, 2023 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-27594 #1648

GoVulnBot opened this issue Mar 17, 2023 · 1 comment
Assignees
@neild
Labels
duplicate

Comments

@GoVulnBot
Copy link

CVE-2023-27594 references github.com/cilium/cilium, which may be a Go module.

Description:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.

References:

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/cilium/cilium
    packages:
      - package: cilium
description: |
    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.
cves:
  - CVE-2023-27594
references:
  - web: https://github.com/cilium/cilium/releases/tag/v1.11.15
  - web: https://github.com/cilium/cilium/releases/tag/v1.12.8
  - web: https://github.com/cilium/cilium/releases/tag/v1.13.1
  - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-8fg8-jh2h-f2hc
@neild neild self-assigned this Mar 21, 2023
@neild neild added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Mar 21, 2023
@jba jba added duplicate and removed excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. labels Mar 21, 2023
@jba
Copy link
Contributor

jba commented Mar 21, 2023

Duplicate of #1643

@jba jba marked this as a duplicate of #1643 Mar 21, 2023
@tatianab tatianab closed this as completed Apr 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neild neild

Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@neild @tatianab @jba @GoVulnBot