CVE-2024-28248
PUBLISHED
CVSS 7.2 HIGH
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.
EPSS 1.02% · 77.5th percentile
Risk Scores
CVSS v3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS Score
1.02%
77.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cilium | cilium | 1.15.0, >= 1.15.0, < 1.15.2, 1.13.9 |
| github.com | cilium/cilium | 1.14.0, 1.13.9, 1.15.0 |
Timeline
- Jan 21, 1970 Security Advisory
- Mar 18, 2024 CVE Published
- Mar 19, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 10, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jul 1, 2024 EPSS Score
- Jul 27, 2024 EPSS Score
- Aug 22, 2024 EPSS Score
- Sep 17, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Nov 7, 2024 EPSS Score
References
- https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85 url
- https://docs.cilium.io/en/stable/security/policy/language/#http url
- https://github.com/cilium/cilium/releases/tag/v1.13.13 url
- https://github.com/cilium/cilium/releases/tag/v1.14.8 url
- https://github.com/cilium/cilium/releases/tag/v1.15.2 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-28248 advisory
- https://github.com/cilium/cilium package