Vulnerability-Lookup

CVE-2024-52529 (GCVE-0-2024-52529)

Vulnerability from cvelistv5 – Published: 2024-11-25 18:49 – Updated: 2024-11-26 14:28

Title

Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium

Summary

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

GitHub_M

References

URL

Tags

	https://github.com/cilium/cilium/security/advisor…	x_refsource_CONFIRM
	https://github.com/cilium/cilium/pull/35150	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	cilium	cilium	Affected: >= 1.16.0, < 1.16.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cilium",
            "vendor": "cilium",
            "versions": [
              {
                "lessThan": "1.16.4",
                "status": "affected",
                "version": "1.16.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52529",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T14:27:46.184253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:28:59.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cilium",
          "vendor": "cilium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.16.0, \u003c 1.16.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy\u0027s range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium\u0027s port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-25T18:49:15.616Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67"
        },
        {
          "name": "https://github.com/cilium/cilium/pull/35150",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cilium/cilium/pull/35150"
        }
      ],
      "source": {
        "advisory": "GHSA-xg58-75qf-9r67",
        "discovery": "UNKNOWN"
      },
      "title": "Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52529",
    "datePublished": "2024-11-25T18:49:15.616Z",
    "dateReserved": "2024-11-11T18:49:23.561Z",
    "dateUpdated": "2024-11-26T14:28:59.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-755\", \"lang\": \"en\", \"description\": \"CWE-755: Improper Handling of Exceptional Conditions\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"CHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67\"}, {\"name\": \"https://github.com/cilium/cilium/pull/35150\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/cilium/cilium/pull/35150\"}], \"affected\": [{\"vendor\": \"cilium\", \"product\": \"cilium\", \"versions\": [{\"version\": \"\u003e= 1.16.0, \u003c 1.16.4\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-11-25T18:49:15.616Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy\u0027s range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium\u0027s port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.\"}], \"source\": {\"advisory\": \"GHSA-xg58-75qf-9r67\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52529\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-26T14:27:46.184253Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\"], \"vendor\": \"cilium\", \"product\": \"cilium\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.16.0\", \"lessThan\": \"1.16.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T14:28:52.950Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-52529\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-11-11T18:49:23.561Z\", \"datePublished\": \"2024-11-25T18:49:15.616Z\", \"dateUpdated\": \"2024-11-26T14:28:59.941Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-XG58-75QF-9R67

Vulnerability from github – Published: 2024-11-25 19:35 – Updated: 2024-12-04 16:22

Summary

Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

Details

Impact

For users with the following configuration:

An allow policy that selects a Layer 3 identity and a port range AND
A Layer 7 allow policy that selects a specific port within the first policy's range

then Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy.

This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16.

For reference, an example of a pair of policies that would trigger this issue is:

apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "layer-3-and-4"
spec:
  endpointSelector:
    matchLabels:
      app: service
  ingress:
    - fromCIDR:
      - 192.168.60.0/24
      toPorts:
      - ports:
        - port: "80"
          endPort: 444
          protocol: TCP

and

apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "layer-4-and-7"
spec:
  endpointSelector:
    matchLabels:
      app: service
  ingress:
    toPorts:
    - ports:
      - port: "80"
        protocol: TCP
      rules:
        http:
        - method: "GET"
          path: "/public"

In the above example, requests would be permitted to all HTTP paths on matching endpoints, rather than just GET requests to the /public path as intended by the layer-4-and-7 policy. In patched versions of Cilium, the layer-4-and-7 rule would take precedence over the layer-3-and-4 rule.

Patches

This issue is patched in https://github.com/cilium/cilium/pull/35150.

This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive.

This issue is patched in Cilium v1.16.4.

Workarounds

Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @jrajahalme for resolving this issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.

Severity ?

5.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.16.0"
            },
            {
              "fixed": "1.16.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-25T19:35:10Z",
    "nvd_published_at": "2024-11-25T19:15:11Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nFor users with the following configuration:\n\n* An allow policy that selects a [Layer 3 identity](https://docs.cilium.io/en/v1.14/security/policy/language/#layer-3-examples) and a [port range](https://docs.cilium.io/en/stable/security/policy/language/#example-port-ranges) **AND**\n* A [Layer 7 allow policy](https://docs.cilium.io/en/latest/security/policy/language/#layer-7-examples) that selects a specific port within the first policy\u0027s range \n\nthen Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy.\n\nThis issue only affects users who use Cilium\u0027s port range functionality, which was introduced in Cilium v1.16.\n\nFor reference, an example of a pair of policies that would trigger this issue is:\n\n```\napiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n  name: \"layer-3-and-4\"\nspec:\n  endpointSelector:\n    matchLabels:\n      app: service\n  ingress:\n    - fromCIDR:\n      - 192.168.60.0/24\n      toPorts:\n      - ports:\n        - port: \"80\"\n          endPort: 444\n          protocol: TCP\n```\nand\n```\napiVersion: \"cilium.io/v2\"\nkind: CiliumNetworkPolicy\nmetadata:\n  name: \"layer-4-and-7\"\nspec:\n  endpointSelector:\n    matchLabels:\n      app: service\n  ingress:\n    toPorts:\n    - ports:\n      - port: \"80\"\n        protocol: TCP\n      rules:\n        http:\n        - method: \"GET\"\n          path: \"/public\"\n```\n\nIn the above example, requests would be permitted to all HTTP paths on matching endpoints, rather than just `GET` requests to the `/public` path as intended by the `layer-4-and-7` policy. In patched versions of Cilium, the `layer-4-and-7` rule would take precedence over the `layer-3-and-4` rule.\n\n### Patches\n\nThis issue is patched in https://github.com/cilium/cilium/pull/35150.\n\nThis issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive.\n\nThis issue is patched in Cilium v1.16.4.\n\n### Workarounds\n\nUsers with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.\n\n### Acknowledgements\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @jrajahalme for resolving this issue.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated as top priority.\n",
  "id": "GHSA-xg58-75qf-9r67",
  "modified": "2024-12-04T16:22:27Z",
  "published": "2024-11-25T19:35:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52529"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/pull/35150"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Cilium\u0027s Layer 7 policy enforcement may not occur in policies with wildcarded port ranges"
}

bit-cilium-2024-52529

Vulnerability from bitnami_vulndb

Published

2024-11-27 19:10

Modified

2025-05-20 10:02

Summary

Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium

Details

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range AND 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "cilium",
        "purl": "pkg:bitnami/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.16.0"
            },
            {
              "fixed": "1.16.4"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52529"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:cilium:cilium:*:*:*:*:*:go:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy\u0027s range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium\u0027s port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.",
  "id": "BIT-cilium-2024-52529",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-11-27T19:10:35.180Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/pull/35150"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52529"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium"
}

FKIE_CVE-2024-52529

Vulnerability from fkie_nvd - Published: 2024-11-25 19:15 - Updated: 2025-09-03 17:18

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/cilium/cilium/pull/35150	Patch
	security-advisories@github.com	https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	cilium	cilium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BFDF1F0-34D0-40D4-8E60-C6FF295CD5A4",
              "versionEndExcluding": "1.16.4",
              "versionStartIncluding": "1.16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy\u0027s range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium\u0027s port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic."
    },
    {
      "lang": "es",
      "value": "Cilium es una soluci\u00f3n de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Para los usuarios con la siguiente configuraci\u00f3n: 1. Una pol\u00edtica de permiso que selecciona un destino de Capa 3 y un rango de puertos `AND` 2. Una pol\u00edtica de permiso de Capa 7 que selecciona un puerto espec\u00edfico dentro del rango de la primera pol\u00edtica, la aplicaci\u00f3n de Capa 7 no se producir\u00eda para el tr\u00e1fico seleccionado por la pol\u00edtica de Capa 7. Este problema solo afecta a los usuarios que utilizan la funcionalidad de rango de puertos de Cilium, que se introdujo en Cilium v1.16. Este problema est\u00e1 corregido en PR #35150. Este problema afecta a Cilium v1.16 entre v1.16.0 y v1.16.3 inclusive. Este problema est\u00e1 corregido en Cilium v1.16.4. Se recomienda a los usuarios que actualicen. Los usuarios con pol\u00edticas de red que coincidan con el patr\u00f3n descrito anteriormente pueden solucionar el problema reescribiendo cualquier pol\u00edtica que utilice rangos de puertos para especificar individualmente los puertos permitidos para el tr\u00e1fico."
    }
  ],
  "id": "CVE-2024-52529",
  "lastModified": "2025-09-03T17:18:14.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-25T19:15:11.373",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/cilium/cilium/pull/35150"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-52529 (GCVE-0-2024-52529)

GHSA-XG58-75QF-9R67

Impact

Patches

Workarounds

Acknowledgements

For more information

bit-cilium-2024-52529

Vulnerability from bitnami_vulndb

FKIE_CVE-2024-52529

Tags

Sightings

Nomenclature