CVE-2024-25631: Unencrypted traffic between pods when using Wireguard and an external kvstore
(updated )
For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted.
References
- docs.cilium.io/en/stable/installation/k8s-install-external-etcd/
- docs.cilium.io/en/stable/security/network/encryption-wireguard/
- github.com/advisories/GHSA-x989-52fc-4vr4
- github.com/cilium/cilium
- github.com/cilium/cilium/releases/tag/v1.14.7
- github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4
- nvd.nist.gov/vuln/detail/CVE-2024-25631
Detect and mitigate CVE-2024-25631 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →