CVE-2024-25631

MEDIUM

Cilium <1.14.7 - Info Disclosure


Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and WireGuard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround for this issue.

Scores

CVSS v3 6.1
EPSS 0.0005
EPSS Percentile 15.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-319 CWE-311
Status published
Products (2)
cilium/cilium 1.14.0 - 1.14.7
cilium/cilium 1.14.0 - 1.14.7 (Go)
Published Feb 20, 2024
Tracked Since Feb 18, 2026