-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
neild
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Jun 13, 2023
Change https://go.dev/cl/503837 mentions this issue: |
This was referenced Sep 26, 2023
This was referenced Feb 20, 2024
This was referenced Mar 18, 2024
Change https://go.dev/cl/592760 mentions this issue: |
Change https://go.dev/cl/606785 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 20, 2024
- data/reports/GO-2023-1700.yaml - data/reports/GO-2023-1701.yaml - data/reports/GO-2023-1707.yaml - data/reports/GO-2023-1708.yaml - data/reports/GO-2023-1716.yaml - data/reports/GO-2023-1718.yaml - data/reports/GO-2023-1719.yaml - data/reports/GO-2023-1721.yaml - data/reports/GO-2023-1723.yaml - data/reports/GO-2023-1730.yaml - data/reports/GO-2023-1735.yaml - data/reports/GO-2023-1738.yaml - data/reports/GO-2023-1747.yaml - data/reports/GO-2023-1754.yaml - data/reports/GO-2023-1758.yaml - data/reports/GO-2023-1761.yaml - data/reports/GO-2023-1763.yaml - data/reports/GO-2023-1764.yaml - data/reports/GO-2023-1768.yaml - data/reports/GO-2023-1774.yaml Updates #1700 Updates #1701 Updates #1707 Updates #1708 Updates #1716 Updates #1718 Updates #1719 Updates #1721 Updates #1723 Updates #1730 Updates #1735 Updates #1738 Updates #1747 Updates #1754 Updates #1758 Updates #1761 Updates #1763 Updates #1764 Updates #1768 Updates #1774 Change-Id: I3fc567427d68e095cc62ea48dc9b284b2414a372 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606785 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Change https://go.dev/cl/607456 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
Fix reports which won't pass an upcoming lint check by merging / collapsing their version ranges. - data/reports/GO-2022-0617.yaml - data/reports/GO-2023-1573.yaml - data/reports/GO-2023-1574.yaml - data/reports/GO-2023-1730.yaml - data/reports/GO-2023-1946.yaml - data/reports/GO-2024-2784.yaml Updates #617 Updates #1573 Updates #1574 Updates #1730 Updates #1946 Updates #2784 Change-Id: If02308deccab77b00cf10cb3619263e456d1ea64 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607456 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2023-29002 references github.com/cilium/cilium, which may be a Go module.
Description:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the
cilium-secrets
namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: