CVE-2024-25630

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 20, 2024
CWE ID 311

Summary

CVE-2024-25630 is a vulnerability in Cilium, a networking, observability, and security solution with an eBPF-based dataplane. The issue affects Cilium v1.14 before v1.14.7 and impacts users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption. It has been identified that traffic to/from the Ingress and health endpoints is not encrypted in this configuration. The vulnerability has been patched in Cilium v1.14.7 and there is no known workaround for this issue. The potential danger it poses to an organization is high confidentiality impact, as the traffic is not encrypted, making it susceptible to malicious interception or unauthorized access by attackers on the adjacent network.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25630 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options