x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653

GoVulnBot · 2024-03-18T21:01:30Z

In GitHub Security Advisory GHSA-68mj-9pjq-mc85, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/cilium/cilium	1.15.2	>= 1.15.0, < 1.15.2

Cross references:

Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-c66w-hq56-4q97 #393 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29179 #458 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-wc5v-r48v-g4vh #530 NOT_GO_CODE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pfhr-pccp-hwmh #959 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4hc4-pgfx-3mrx #1642 NOT_GO_CODE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-8fg8-jh2h-f2hc #1643 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-r5x6-w42p-jhpp #1644 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-2h44-x2wx-49f4 #1785 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-gj2r-phwg-6rww #2078 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-24m5-r6hv-ccgp #2079 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4xp2-w642-7mcx #2080 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cilium/cilium
      versions:
        - introduced: 1.15.0
          fixed: 1.15.2
      vulnerable_at: 1.15.1
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: 1.14.0
          fixed: 1.14.8
      vulnerable_at: 1.14.7
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: 1.13.9
          fixed: 1.13.13
      vulnerable_at: 1.13.12
      packages:
        - package: github.com/cilium/cilium
summary: Intermittent HTTP policy bypass
cves:
    - CVE-2024-28248
ghsas:
    - GHSA-68mj-9pjq-mc85
references:
    - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85
    - advisory: https://github.com/advisories/GHSA-68mj-9pjq-mc85

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-03-22T06:10:55Z

Change https://go.dev/cl/573655 mentions this issue: data/reports: add GO-2024-2653.yaml

timothy-king self-assigned this Mar 19, 2024

gopherbot closed this as completed in adb5217 Mar 22, 2024

GoVulnBot mentioned this issue Mar 28, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

Closed

GoVulnBot mentioned this issue Jun 13, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-37307 #2922

Closed

GoVulnBot mentioned this issue Oct 21, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-47825 #3209

Closed

GoVulnBot mentioned this issue Nov 25, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-52529 #3290

Closed

This was referenced Jan 22, 2025

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-9m5p-c77c-f9j7 #3415

Closed

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-h78m-j95m-5356 #3416

Closed

This was referenced Mar 24, 2025

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2025-30162 #3560

Closed

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2025-30163 #3561

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653

GoVulnBot commented Mar 18, 2024

gopherbot commented Mar 22, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653

Comments

GoVulnBot commented Mar 18, 2024

gopherbot commented Mar 22, 2024