CVE-2024-42486
MEDIUM5.4EPSS 0.24%Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
Published: 8/16/2024Modified: 2/4/2026
Description
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
Affected packages (5)
- Bitnami/cilium>= 1.15.0, < 1.16.1
- Bitnami/cilium-operator>= 1.15.4, < 1.16.1
- Bitnami/hubble-relay>= 1.15.0, < 1.16.1
- Go/github.com/cilium/cilium>= 1.16.0, < 1.16.1
- Go/github.com/cilium/cilium>= 1.15.0, < 1.15.8, >= 1.16.0, < 1.16.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-42486
- PATCHhttps://github.com/cilium/cilium
- WEBhttps://github.com/cilium/cilium/commit/414a96b53d51ef6e6645c44426e26bc8e7c7c059
- WEBhttps://github.com/cilium/cilium/commit/92c110e58a7be6586819dd51fb0f6ee1ec4be8f8
- WEBhttps://github.com/cilium/cilium/commit/ed3dfa0aab8b80f7e841a6d49d2a990ac2dca053
- WEBhttps://github.com/cilium/cilium/pull/34032
- WEBhttps://github.com/cilium/cilium/security/advisories/GHSA-vwf8-q6fw-4wcm