modules:
- module: github.com/cilium/cilium
versions:
- introduced: 1.15.0
fixed: 1.15.2
vulnerable_at: 1.15.1
packages:
- package: github.com/cilium/cilium
- module: github.com/cilium/cilium
versions:
- introduced: 1.14.0
fixed: 1.14.8
vulnerable_at: 1.14.7
packages:
- package: github.com/cilium/cilium
summary: Unencrypted traffic between nodes when using WireGuard and L7 policies
cves:
- CVE-2024-28250
ghsas:
- GHSA-v6q2-4qr3-5cw6
references:
- advisory: https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6
- advisory: https://github.com/advisories/GHSA-v6q2-4qr3-5cw6
In GitHub Security Advisory GHSA-v6q2-4qr3-5cw6, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.