SB2024082857 - Multiple vulnerabilities in Cilium
Published: August 28, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2024-42487)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to HTTP header injection. A remote attacker can gain unauthorized access to sensitive information on the system.
2) Information disclosure (CVE-ID: CVE-2024-42486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect referenceGrant update logic in Gateway API. A remote attacker can gain unauthorized access to sensitive information on the system.
3) Race condition (CVE-ID: CVE-2024-42488)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a race condition in Cilium agent. A remote attacker can exploit the race and gain unauthorized access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://github.com/cilium/cilium/security/advisories/GHSA-qcm3-7879-xcww
- https://github.com/cilium/cilium/pull/34109
- https://github.com/cilium/cilium/commit/a3510fe4a92305822aa1a5e08cb6d6c873c8699a
- https://github.com/cilium/cilium/security/advisories/GHSA-vwf8-q6fw-4wcm
- https://github.com/cilium/cilium/pull/34032
- https://github.com/cilium/cilium/commit/ed3dfa0aab8b80f7e841a6d49d2a990ac2dca053
- https://github.com/cilium/cilium/security/advisories/GHSA-q7w8-72mr-vpgw
- https://github.com/cilium/cilium/pull/33511
- https://github.com/cilium/cilium/commit/aa44dd148a9be95e07782e4f990e61678ef0abf8