x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

GoVulnBot · 2024-03-28T18:01:27Z

In GitHub Security Advisory GHSA-pwqm-x5x6-5586, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/cilium/cilium	1.15.3	>= 1.15.0, <= 1.15.2

Cross references:

Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-c66w-hq56-4q97 #393 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29179 #458 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-wc5v-r48v-g4vh #530 NOT_GO_CODE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pfhr-pccp-hwmh #959 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4hc4-pgfx-3mrx #1642 NOT_GO_CODE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-8fg8-jh2h-f2hc #1643 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-r5x6-w42p-jhpp #1644 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-2h44-x2wx-49f4 #1785 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-gj2r-phwg-6rww #2078 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-24m5-r6hv-ccgp #2079 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4xp2-w642-7mcx #2080 EFFECTIVELY_PRIVATE
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-j89h-qrvr-xc36 #2656
Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-v6q2-4qr3-5cw6 #2657

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cilium/cilium
      versions:
        - introduced: TODO (earliest fixed "1.15.3", vuln range ">= 1.15.0, <= 1.15.2")
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: TODO (earliest fixed "1.14.9", vuln range ">= 1.14.0, <= 1.14.7")
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: TODO (earliest fixed "1.13.14", vuln range ">= 1.4.0, <= 1.13.13")
      packages:
        - package: github.com/cilium/cilium
summary: Cilium has insecure IPsec transport encryption
cves:
    - CVE-2024-28860
ghsas:
    - GHSA-pwqm-x5x6-5586
references:
    - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-28860
    - fix: https://github.com/cilium/cilium/commit/311fbce5280491cddceab178d83b06fa23688c72
    - fix: https://github.com/cilium/cilium/commit/a1742b478306fa256cd27df1039dfae0537b4149
    - fix: https://github.com/cilium/cilium/commit/a652c123331852cca90c74202f993d4170fd37fa
    - web: https://docs.cilium.io/en/stable/security/network/encryption-ipsec
    - advisory: https://github.com/advisories/GHSA-pwqm-x5x6-5586

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-08T23:48:06Z

Change https://go.dev/cl/577396 mentions this issue: data/reports: add GO-2024-2666.yaml

neild self-assigned this Mar 29, 2024

gopherbot closed this as completed in d01fe31 Apr 16, 2024

GoVulnBot mentioned this issue Jun 13, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-37307 #2922

Closed

This was referenced Aug 15, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42487 #3071

Closed

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42488 #3072

Closed

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42486 #3074

Closed

GoVulnBot mentioned this issue Oct 21, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-47825 #3209

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

GoVulnBot commented Mar 28, 2024

gopherbot commented Apr 8, 2024

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666

Comments

GoVulnBot commented Mar 28, 2024

gopherbot commented Apr 8, 2024