Skip to content

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

Description

@GoVulnBot

In GitHub Security Advisory GHSA-pwqm-x5x6-5586, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/cilium/cilium 1.15.3 >= 1.15.0, <= 1.15.2

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cilium/cilium
      versions:
        - introduced: TODO (earliest fixed "1.15.3", vuln range ">= 1.15.0, <= 1.15.2")
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: TODO (earliest fixed "1.14.9", vuln range ">= 1.14.0, <= 1.14.7")
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: TODO (earliest fixed "1.13.14", vuln range ">= 1.4.0, <= 1.13.13")
      packages:
        - package: github.com/cilium/cilium
summary: Cilium has insecure IPsec transport encryption
cves:
    - CVE-2024-28860
ghsas:
    - GHSA-pwqm-x5x6-5586
references:
    - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-28860
    - fix: https://github.com/cilium/cilium/commit/311fbce5280491cddceab178d83b06fa23688c72
    - fix: https://github.com/cilium/cilium/commit/a1742b478306fa256cd27df1039dfae0537b4149
    - fix: https://github.com/cilium/cilium/commit/a652c123331852cca90c74202f993d4170fd37fa
    - web: https://docs.cilium.io/en/stable/security/network/encryption-ipsec
    - advisory: https://github.com/advisories/GHSA-pwqm-x5x6-5586

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions