CVE-2024-25631 MEDIUM

CVE-2024-25631: Unencrypted traffic between pods when using Wireguard and an external kvstore

Vendor: Cilium
Product: cilium
Weakness: CWE-311 · Missing encryption
Published: February 20, 2024
Last update: August 26, 2024

CVSS base score

6.1/10
Attack vector: Adjacent
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled both an external kvstore and WireGuard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround for this issue.

Key dates

02 Disclosure timeline

February 20, 2024: CVE published
August 26, 2024: Record updated