Missing Encryption of Sensitive Data
CVE-2024-28250
Summary
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions 1.14.0-pre.2 through 1.14.7, 1.15.0-pre.0 through 1.15.1, and 1.16.0-pre.0, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted, and WireGuard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium native routing mode ("routingMode=native") and Cilium tunneling mode ("routingMode=tunnel"). Note that in tunneling mode, "encryption.wireguard.encapsulate" must be set to "true". There is no known workaround for this issue.
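The conditions in the summary can be turned into a triage check over a cluster's Cilium version and Helm values. This is an added example, not code from the advisory or the Cilium project. The `assess` function, its result strings, the treatment of versions outside the listed ranges as carrying the fix, and the treatment of an unset `routingMode` as tunnel mode are assumptions made for illustration.

```python
import re

# Affected ranges exactly as listed in the advisory text (inclusive bounds).
AFFECTED = [("1.14.0-pre.2", "1.14.7"),
            ("1.15.0-pre.0", "1.15.1"),
            ("1.16.0-pre.0", "1.16.0-pre.0")]

def version_key(v):
    """Sortable key; a pre-release sorts before its final release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4):
        return core + (0, m.group(4), int(m.group(5)))
    return core + (1, "", 0)

def in_affected_range(version):
    k = version_key(version)
    return any(version_key(lo) <= k <= version_key(hi) for lo, hi in AFFECTED)

def get(values, dotted, default=None):
    """Look up a dotted Helm key such as 'encryption.wireguard.encapsulate'."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def assess(version, values, l7_policies_in_use):
    """Hypothetical triage helper: classify one cluster against the advisory."""
    wireguard = (get(values, "encryption.enabled") is True
                 and get(values, "encryption.type") == "wireguard")
    # The issue only concerns WireGuard clusters with traffic matching L7 policies.
    if not (wireguard and l7_policies_in_use):
        return "not-applicable"
    # No workaround exists on affected versions, so configuration cannot help.
    if in_affected_range(version):
        return "affected-upgrade-required"
    # Assumption: an unset routingMode is treated as tunnel mode.
    if (get(values, "routingMode", "tunnel") == "tunnel"
            and get(values, "encryption.wireguard.encapsulate") is not True):
        return "set-encapsulate-true"
    return "ok"
```

The `values` argument is the parsed Helm values as a nested dictionary, and `l7_policies_in_use` has to come from an inventory of the cluster's network policies.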
- HIGH
- ADJACENT_NETWORK
- NONE
- CHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-311 - Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission.