Interpretation Conflict
CVE-2024-42487
Summary
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium versions v1.13.0-rc1 through v1.13.18, v1.14.0-snapshot.0 through v1.14.14, v1.15.0-pre.0 through v1.15.7, v1.16.0-pre.0 through v1.16.0, Gateway API "HTTPRoutes" and "GRPCRoutes" do not follow the match precedence outlined in the Gateway API specification. Specifically, request headers are matched before request methods, despite the specification requiring that request methods take precedence over headers. There is no workaround for this issue.
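The precedence conflict described in the summary can be modelled in a few lines of Go. This is an added example, not Cilium's code: `Rule`, `Route`, `outranks` and the sample backends are hypothetical, and only the two criteria the advisory names (method match and number of header matches) are modelled.

```go
package main

import "fmt"

// Rule is a hypothetical, simplified HTTPRoute match: method plus exact headers.
type Rule struct {
	Method  string // "" matches any method
	Headers map[string]string
	Backend string
}

func (r Rule) matches(method string, hdrs map[string]string) bool {
	for k, v := range r.Headers {
		if hdrs[k] != v {
			return false
		}
	}
	return r.Method == "" || r.Method == method
}

// outranks reports whether a has precedence over b. With methodFirst, a method
// match beats header matches (spec order); without it, headers are compared first.
func outranks(a, b Rule, methodFirst bool) bool {
	am, bm := a.Method != "", b.Method != ""
	if methodFirst && am != bm {
		return am
	}
	if len(a.Headers) != len(b.Headers) {
		return len(a.Headers) > len(b.Headers)
	}
	return am && !bm
}

// Route returns the backend of the highest-precedence rule matching the request.
func Route(rules []Rule, method string, hdrs map[string]string, methodFirst bool) string {
	best, found := Rule{}, false
	for _, r := range rules {
		if r.matches(method, hdrs) && (!found || outranks(r, best, methodFirst)) {
			best, found = r, true
		}
	}
	return best.Backend // "" when no rule matches
}

func main() {
	rules := []Rule{ // constructed input: one method-only rule, one header-only rule
		{Method: "DELETE", Backend: "audit-svc"},
		{Headers: map[string]string{"x-env": "canary"}, Backend: "canary-svc"},
	}
	h := map[string]string{"x-env": "canary"}
	fmt.Println(Route(rules, "DELETE", h, true), Route(rules, "DELETE", h, false))
}
```

Route sets that are worth reviewing on an affected version are those where a single request can satisfy both a method rule and a header-only rule, since that is the only case in which the two orderings pick different backends.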
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-436 - Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
References
Advisory Timeline
- Published