VDB
CVE-2024-28860
CVE-2024-28860
PUBLISHED
CVSS 8 HIGH
Cilium has insecure IPsec transport encryption
EPSS 0.03% · 9.0th percentile
Risk Scores
CVSS v3.1
8
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score
0.03%
9.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | cilium/cilium | 1.4.0, 1.14.0, 1.15.0 |
| cilium | cilium | 0, 0, 0 |
| cilium | cilium | *, >= 1.4.0, <= 1.13.14, >= 1.15.0, < 1.15.3 |
Timeline
- Jan 21, 1970 Security Advisory
- Mar 27, 2024 CVE Published
- Mar 28, 2024 EPSS Score
- Mar 28, 2024 CVE Updated
- Apr 23, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 8, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
- Sep 23, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
References
- https://github.com/cilium/cilium package
- https://pkg.go.dev/vuln/GO-2024-2666 url
- https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586 url
- https://github.com/cilium/cilium/commit/311fbce5280491cddceab178d83b06fa23688c72 url
- https://github.com/cilium/cilium/commit/a1742b478306fa256cd27df1039dfae0537b4149 url
- https://github.com/cilium/cilium/commit/a652c123331852cca90c74202f993d4170fd37fa url
- https://docs.cilium.io/en/stable/security/network/encryption-ipsec url
- https://nvd.nist.gov/vuln/detail/CVE-2024-28860 advisory