Access Control Bypass Affecting github.com/cilium/cilium/pkg/bpf package, versions <1.10.13, >=1.11.0 <1.11.7


Severity

Recommended: 0.0 (low), on a scale of 0 to 10

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-GOLANG-GITHUBCOMCILIUMCILIUMPKGBPF-2958043
  • Published: 26 Jul 2022
  • Disclosed: 15 Jul 2022
  • Credit: Paul Chaignon

Introduced: 15 Jul 2022

CVE: not available

CWE: CWE-284

How to fix?

Upgrade github.com/cilium/cilium/pkg/bpf to version 1.10.13, 1.11.7 or higher.

Overview

github.com/cilium/cilium/pkg/bpf is an eBPF-based Networking, Security, and Observability

Affected versions of this package are vulnerable to Access Control Bypass when IPv6 traffic is sent from a Cilium-managed pod to the host-network namespace. If IPv4, IPv6, and endpoint routes are in use, and the host firewall is enabled (which it is not by default), host policy enforcement can be bypassed.
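The following check combines the affected version ranges with the configuration the Overview describes. It is an added example, not code from Cilium or Snyk: `Config`, `Assess` and the sample input are this example's own names, and reading the four settings from a live deployment is left to the caller.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Config mirrors the four settings the advisory names (field names are this example's own).
type Config struct{ IPv4, IPv6, EndpointRoutes, HostFirewall bool }

// parse accepts "1.11.6" or "v1.11.6"; anything else (pre-release tags included) is an error.
func parse(v string) (out [3]int, err error) {
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(v), "v"), ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("want MAJOR.MINOR.PATCH, got %q", v)
	}
	for i, p := range parts {
		if out[i], err = strconv.Atoi(p); err != nil || out[i] < 0 {
			return out, fmt.Errorf("bad component %q in %q", p, v)
		}
	}
	return out, nil
}

// less reports whether version a sorts before version b.
func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// Assess returns affected (version in <1.10.13 or >=1.11.0 <1.11.7) and exposed
// (affected and all four settings on, the combination the advisory describes).
func Assess(v string, c Config) (affected, exposed bool, err error) {
	p, err := parse(v)
	if err != nil {
		return false, false, err
	}
	affected = less(p, [3]int{1, 10, 13}) || (!less(p, [3]int{1, 11, 0}) && less(p, [3]int{1, 11, 7}))
	return affected, affected && c.IPv4 && c.IPv6 && c.EndpointRoutes && c.HostFirewall, nil
}

func main() {
	fmt.Println(Assess("v1.11.6", Config{true, true, true, true})) // constructed sample input
}
```

A version string that does not parse returns an error rather than a verdict, so an inventory job can flag it for manual review.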

CVSS Base Scores

version 3.1