CVE-2024-42486
MEDIUM 5.4, EPSS 0.24%
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
Published: 2024/8/16, Modified: 2026/2/4
Description
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium
Affected packages (5)
- Bitnami/cilium: >= 1.15.0, < 1.16.1
- Bitnami/cilium-operator: >= 1.15.4, < 1.16.1
- Bitnami/hubble-relay: >= 1.15.0, < 1.16.1
- Go/github.com/cilium/cilium: >= 1.16.0, < 1.16.1
- Go/github.com/cilium/cilium: >= 1.15.0, < 1.15.8, >= 1.16.0, < 1.16.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N |
Reference links (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-42486
- PATCH: https://github.com/cilium/cilium
- WEB: https://github.com/cilium/cilium/commit/414a96b53d51ef6e6645c44426e26bc8e7c7c059
- WEB: https://github.com/cilium/cilium/commit/92c110e58a7be6586819dd51fb0f6ee1ec4be8f8
- WEB: https://github.com/cilium/cilium/commit/ed3dfa0aab8b80f7e841a6d49d2a990ac2dca053
- WEB: https://github.com/cilium/cilium/pull/34032
- WEB: https://github.com/cilium/cilium/security/advisories/GHSA-vwf8-q6fw-4wcm