CVSS 3.1 Score 7.2 of 10 (high)


Published Mar 18, 2024
Updated: Mar 19, 2024
CWE ID 693


CVE-2024-28248 is a cyber vulnerability that affects Cilium, a networking, observability, and security solution with an eBPF-based dataplane. In versions 1.13.9 and prior to 1.13.13, 1.14.8, and 1.15.2 of Cilium, there is a flaw where HTTP policies are not consistently applied to all traffic in their scope, resulting in incorrect and intermittent forwarding of HTTP traffic that should have been dropped. This issue has been patched in the later versions (1.15.2, 1.14.8, and 1.13.13) of Cilium software. There are currently no known workarounds for this vulnerability, which is rated as high severity with a base score of 7.2 according to the CVSS v3 scoring system. The impact of this vulnerability includes low integrity and confidentiality impacts but no availability impact on the affected organization's systems or data security.

Note: The provided text does not contain specific details about how to remediate the vulnerability or the potential danger it poses to an organization beyond the mentioned impact scores and categories.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28248 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options