CVE-2023-30851

Potential HTTP policy bypass when using header rules in Cilium in go/github.com/cilium/cilium

Identifiers

GHSA-2h44-x2wx-49f4, CVE-2023-30851

Package Slug

go/github.com/cilium/cilium

Vulnerability

Potential HTTP policy bypass when using header rules in Cilium

Description

Impact

This issue only impacts users who:

  • Have an HTTP policy that applies to multiple toEndpoints AND
  • Have an allow-all rule in place that affects only one of those endpoints

In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies.

Affected Versions

All versions before 1.11.16, all versions starting from 1.12.0 before 1.12.9, all versions starting from 1.13.0 before 1.13.2

Solution

Upgrade to versions 1.11.16, 1.12.9, 1.13.2 or above.

Last Modified

2023-05-23