{"url":"http://public2.vulnerablecode.io/api/packages/108149?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.14.8","type":"golang","namespace":"github.com/cilium","name":"cilium","version":"1.14.8","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.14.9","latest_non_vulnerable_version":"1.19.3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85442?format=json","vulnerability_id":"VCID-h11c-6tfy-sfe4","summary":"Intermittent HTTP policy bypass\n### Impact\n\nCilium's [HTTP policies](https://docs.cilium.io/en/stable/security/policy/language/#http) are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped.\n\n### Patches\n\nThis issue affects:\n\n* Cilium v1.13 between v1.13.9 and v1.13.12 inclusive\n* Cilium v1.14 between v1.14.0 and v1.14.7 inclusive\n* Cilium v1.15.0 and v1.15.1\n\nThis issue has been patched in:\n\n* Cilium v1.15.2\n* Cilium v1.14.8\n* Cilium v1.13.13\n\n### Workarounds\n\nThere is no workaround for this issue – affected users are strongly encouraged to upgrade.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @romikps for discovering and reporting this issue, and @sayboras and @jrajahalme for preparing the fix.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium internal security team, and your report will be treated as top priority.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28248","reference_id":"","reference_type":"","scores":[{"value":"0.01021","scoring_system":"epss","scoring_elements":"0.77616","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01021","scoring_system":"epss","scoring_elements":"0.77596","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01021","scoring_system":"epss","scoring_elements":"0.77615","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01021","scoring_system":"epss","scoring_elements":"0.77607","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28248"},{"reference_url":"https://docs.cilium.io/en/stable/security/policy/language/#http","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:21Z/"}],"url":"https://docs.cilium.io/en/stable/security/policy/language/#http"},{"reference_url":"https://github.com/cilium/cilium","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cilium/cilium"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.13.13","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:21Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.13.13"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.14.8","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:21Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.14.8"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.15.2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:21Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.15.2"},{"reference_url":"https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:21:21Z/"}],"url":"https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28248","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28248"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108148?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.13.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.13.13"},{"url":"http://public2.vulnerablecode.io/api/packages/108149?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.14.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.14.8"},{"url":"http://public2.vulnerablecode.io/api/packages/108151?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.15.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.15.2"}],"aliases":["CVE-2024-28248","GHSA-68mj-9pjq-mc85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h11c-6tfy-sfe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85321?format=json","vulnerability_id":"VCID-rhat-81jf-fuea","summary":"Unencrypted traffic between nodes when using IPsec and L7 policies\n### Impact\n\nIn Cilium clusters with IPsec enabled and traffic matching Layer 7 policies:\n\n- Traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted\n- Traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent unencrypted\n\n**Note:** For clusters running in native routing mode, IPsec encryption is not applied to connections which are selected by a L7 Egress Network Policy or a DNS Policy. This is a known limitation of Cilium's IPsec encryption which will continue to apply after upgrading to the latest Cilium versions described below.\n\n### Patches\n\nThis issue affects: \n\n- Cilium v1.15 before v1.15.2\n- Cilium v1.14 before v1.14.8\n- Cilium v1.13 before v1.13.13\n- Cilium v1.4 to v1.12 inclusive\n\nThis issue has been resolved in:\n\n- Cilium v1.15.2\n-  Cilium v1.14.8\n-  Cilium v1.13.13\n\n### Workarounds\nThere is no workaround to this issue.\n\n### Acknowledgements\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @jschwinger233, @julianwiedmann, @giorio94, and @jrajahalme for their work in triaging and resolving this issue.   \n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability in Cilium, we strongly encourage you to report it to our private security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list that only members of the Cilium internal security team are subscribed to, and your report will be treated as top priority.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28249","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53875","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53871","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53848","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5387","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53883","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28249"},{"reference_url":"https://github.com/cilium/cilium","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cilium/cilium"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.13.13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.13.13"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.14.8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.14.8"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.15.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.15.2"},{"reference_url":"https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/"}],"url":"https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28249"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108148?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.13.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.13.13"},{"url":"http://public2.vulnerablecode.io/api/packages/108149?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.14.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.14.8"},{"url":"http://public2.vulnerablecode.io/api/packages/108151?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.15.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.15.2"}],"aliases":["CVE-2024-28249","GHSA-j89h-qrvr-xc36"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhat-81jf-fuea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85345?format=json","vulnerability_id":"VCID-vmbq-dc8t-3qcr","summary":"Unencrypted traffic between nodes when using WireGuard and L7 policies\n### Impact\n\nIn Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies:\n\n- Traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes.\n- Traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS proxy and pods on other nodes.\n\n### Patches\n\nThis issue affects:\n\n* In native routing mode (`routingMode=native`):\n  * Cilium v1.14 versions before v1.14.8\n  * Cilium v1.15 versions before v1.15.2\n* In tunneling mode (`routingMode=tunnel`):\n  * Cilium v1.14 versions before v1.14.4\n  * Cilium v1.14.4 if `encryption.wireguard.encapsulate` is set to `false` (default).\n\nThis issue has been resolved in:\n\n* In native routing mode (`routingMode=native`):\n  * Cilium v1.14.8\n  * Cilium v1.15.2\n* In tunneling mode (`routingMode=tunnel`):\n  * Cilium v1.14.4. **NOTE** `encryption.wireguard.encapsulate` must be set to `true`.\n   \n### Workarounds\n\nThere is no workaround to this issue.\n\n### Acknowledgements\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @brb, @giorio94, @gandro and @jschwinger233 for their work on triaging and remediating this issue.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list where only members of the Cilium internal security team are subscribed to, and your report will be treated as top priority.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28250","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16418","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1631","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16291","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16373","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16416","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28250"},{"reference_url":"https://github.com/cilium/cilium","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cilium/cilium"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.13.13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:36:42Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.13.13"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.14.8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:36:42Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.14.8"},{"reference_url":"https://github.com/cilium/cilium/releases/tag/v1.15.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:36:42Z/"}],"url":"https://github.com/cilium/cilium/releases/tag/v1.15.2"},{"reference_url":"https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:36:42Z/"}],"url":"https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28250","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/108149?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.14.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.14.8"},{"url":"http://public2.vulnerablecode.io/api/packages/108151?format=json","purl":"pkg:golang/github.com/cilium/cilium@1.15.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.15.2"}],"aliases":["CVE-2024-28250","GHSA-v6q2-4qr3-5cw6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmbq-dc8t-3qcr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.14.8"}