-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
neild
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Jun 20, 2023
Change https://go.dev/cl/504860 mentions this issue: |
This was referenced Sep 26, 2023
This was referenced Feb 20, 2024
This was referenced Mar 18, 2024
Change https://go.dev/cl/592761 mentions this issue: |
Change https://go.dev/cl/606787 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 20, 2024
- data/reports/GO-2023-1862.yaml - data/reports/GO-2023-1863.yaml - data/reports/GO-2023-1864.yaml - data/reports/GO-2023-1865.yaml - data/reports/GO-2023-1866.yaml - data/reports/GO-2023-1871.yaml - data/reports/GO-2023-1879.yaml - data/reports/GO-2023-1887.yaml - data/reports/GO-2023-1888.yaml - data/reports/GO-2023-1891.yaml - data/reports/GO-2023-1892.yaml - data/reports/GO-2023-1894.yaml - data/reports/GO-2023-1895.yaml - data/reports/GO-2023-1896.yaml - data/reports/GO-2023-1897.yaml - data/reports/GO-2023-1898.yaml - data/reports/GO-2023-1899.yaml - data/reports/GO-2023-1900.yaml - data/reports/GO-2023-1901.yaml - data/reports/GO-2023-1911.yaml Updates #1862 Updates #1863 Updates #1864 Updates #1865 Updates #1866 Updates #1871 Updates #1879 Updates #1887 Updates #1888 Updates #1891 Updates #1892 Updates #1894 Updates #1895 Updates #1896 Updates #1897 Updates #1898 Updates #1899 Updates #1900 Updates #1901 Updates #1911 Change-Id: Iffcbe8e6325ef654a17298cd4c7072192626ad21 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606787 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2023-34242 references github.com/cilium/cilium, which may be a Go module.
Description:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to version 1.13.4, when Gateway API is enabled in Cilium, the absence of a check on the namespace in which a ReferenceGrant is created could result in Cilium unintentionally gaining visibility of secrets (including certificates) and services across namespaces. An attacker on an affected cluster can leverage this issue to use cluster secrets that should not be visible to them, or communicate with services that they should not have access to. Gateway API functionality is disabled by default. This vulnerability is fixed in Cilium release 1.13.4. As a workaround, restrict the creation of
ReferenceGrant
resources to admin users by using Kubernetes RBAC.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: