Date:
2024-11-28
Platform:
Cilium
Version:
v1.16.0 – v1.16.3 (inclusive)
Vulnerability:
Layer 7 policy enforcement bypass with port ranges
Severity:
Medium
What Undercode Says:
Cilium v1.16 added support for port ranges in network policies, and versions v1.16.0 through v1.16.3 contain a bug in how those ranges interact with Layer 7 policy: when a network policy uses a port range for a destination that is also subject to Layer 7 (HTTP) rules, the Layer 7 rules are not enforced. Traffic that should have been limited to specific HTTP methods and paths is instead allowed as plain Layer 4 traffic across the whole range.
Impact:
This vulnerability only affects users who utilize
Exploit:
A client that the port-range rule already admits at Layer 3/4 could send HTTP requests, with methods or paths the intended Layer 7 policy should have denied, and thereby reach resources or perform actions the policy was meant to restrict.
Patched Versions:
This vulnerability has been patched in Cilium v1.16.4.
Workaround:
As a workaround, rewrite any network policy that uses port ranges so that each allowed port is listed individually instead of as a range.
Recommendation:
We strongly recommend upgrading Cilium to version 1.16.4 or later to mitigate this vulnerability. If upgrading is not immediately possible, update your network policies to avoid using port ranges and explicitly specify each allowed port.
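The workaround above, replacing port-range rules with individually listed ports, is mechanical enough to script. The following Python is an added example, not code from the advisory or from the Cilium project: it audits a CiliumNetworkPolicy for `port`/`endPort` ranges and emits an equivalent policy with every port spelled out, keeping any L7 `rules` attached to the rewritten entries. The sample policy is constructed for illustration, and the `max_ports_per_block` value of 40 is an assumption about the CRD's per-entry limit, so check the CRD in your cluster before relying on it.

```python
"""Audit a CiliumNetworkPolicy for port ranges and rewrite them port by port,
the workaround for the v1.16.0-v1.16.3 L7 bypass. Added example; the policy
below is constructed, not taken from the advisory."""
import copy
import json
import sys

# Constructed sample: rule 0 allows frontend -> api on TCP 8080-8083 using a
# port range (port/endPort, a v1.16 feature); rule 1 puts an HTTP allow list
# on port 8080, which affected versions fail to enforce per the advisory.
SAMPLE_POLICY = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "api-ingress", "namespace": "shop"},
    "spec": {
        "endpointSelector": {"matchLabels": {"app": "api"}},
        "ingress": [
            {
                "fromEndpoints": [{"matchLabels": {"app": "frontend"}}],
                "toPorts": [
                    {"ports": [{"port": "8080", "endPort": 8083, "protocol": "TCP"}]}
                ],
            },
            {
                "fromEndpoints": [{"matchLabels": {"app": "frontend"}}],
                "toPorts": [
                    {
                        "ports": [{"port": "8080", "protocol": "TCP"}],
                        "rules": {"http": [{"method": "GET", "path": "/api/.*"}]},
                    }
                ],
            },
        ],
    },
}

DIRECTIONS = ("ingress", "egress", "ingressDeny", "egressDeny")


def _expand_one(pp):
    """Turn one PortProtocol entry into a list of single-port entries."""
    end = pp.get("endPort")
    if not end:  # missing or 0: Cilium treats this as "no range"
        return [pp]
    start = int(pp["port"])  # a range needs a numeric port, not a named one
    if end < start:
        raise ValueError(f"endPort {end} is below port {start}")
    base = {k: v for k, v in pp.items() if k != "endPort"}
    return [dict(base, port=str(p)) for p in range(start, end + 1)]


def find_port_ranges(policy):
    """List every port range as 'direction[rule] PROTO start-end'."""
    found = []
    for direction in DIRECTIONS:
        for i, rule in enumerate(policy.get("spec", {}).get(direction, [])):
            for block in rule.get("toPorts", []):
                for pp in block.get("ports", []):
                    if pp.get("endPort"):
                        found.append(
                            f"{direction}[{i}] {pp.get('protocol', 'ANY')} "
                            f"{pp['port']}-{pp['endPort']}"
                        )
    return found


def expand_port_ranges(policy, max_ports_per_block=40):
    """Return a copy of the policy with every port range listed port by port.

    max_ports_per_block is an ASSUMED CRD cap on entries in one `ports` list
    (verify against the CRD in your cluster); oversize lists are split into
    several toPorts entries that each carry the same L7 `rules`.
    """
    out = copy.deepcopy(policy)
    for direction in DIRECTIONS:
        for rule in out.get("spec", {}).get(direction, []):
            if "toPorts" not in rule:
                continue
            new_blocks = []
            for block in rule["toPorts"]:
                ports = [p for pp in block.get("ports", []) for p in _expand_one(pp)]
                if not ports:
                    new_blocks.append(block)
                    continue
                for start in range(0, len(ports), max_ports_per_block):
                    chunk = dict(block)  # keeps "rules" next to the new ports
                    chunk["ports"] = ports[start:start + max_ports_per_block]
                    new_blocks.append(chunk)
            rule["toPorts"] = new_blocks
    return out


if __name__ == "__main__":
    # Pass a policy exported with `kubectl get cnp <name> -o json`, or run
    # with no argument to process the constructed sample.
    policy = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POLICY
    for hit in find_port_ranges(policy):
        print("port range found:", hit, file=sys.stderr)
    print(json.dumps(expand_port_ranges(policy), indent=2))
```

The rewritten policy is printed as JSON, which `kubectl apply -f` accepts since JSON is a subset of YAML. Run the audit across a cluster with `kubectl get cnp -A -o json` and feed each item through `find_port_ranges` to see which policies still need the workaround before the upgrade to v1.16.4 lands.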
References:
Source: Cilium security advisory published on GitHub.com