VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5nmc-mcb6-wkf8

Essentials
Severities (18)
References (7)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5nmc-mcb6-wkf8
Aliases	CVE-2024-28249 GHSA-j89h-qrvr-xc36
Summary	Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-311	Missing Encryption of Sensitive Data
CWE-319	Cleartext Transmission of Sensitive Information

System	Score	Found at
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2024-28249
epss	0.00302	https://api.first.org/data/v1/epss?cve=CVE-2024-28249
cvssv3.1	6.1	https://github.com/cilium/cilium
generic_textual	MODERATE	https://github.com/cilium/cilium
cvssv3.1	6.1	https://github.com/cilium/cilium/releases/tag/v1.13.13
generic_textual	MODERATE	https://github.com/cilium/cilium/releases/tag/v1.13.13
ssvc	Track	https://github.com/cilium/cilium/releases/tag/v1.13.13
cvssv3.1	6.1	https://github.com/cilium/cilium/releases/tag/v1.14.8
generic_textual	MODERATE	https://github.com/cilium/cilium/releases/tag/v1.14.8
ssvc	Track	https://github.com/cilium/cilium/releases/tag/v1.14.8
cvssv3.1	6.1	https://github.com/cilium/cilium/releases/tag/v1.15.2
generic_textual	MODERATE	https://github.com/cilium/cilium/releases/tag/v1.15.2
ssvc	Track	https://github.com/cilium/cilium/releases/tag/v1.15.2
cvssv3.1	6.1	https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
generic_textual	MODERATE	https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
ssvc	Track	https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2024-28249
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-28249

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-28249
		https://github.com/cilium/cilium
		https://nvd.nist.gov/vuln/detail/CVE-2024-28249
GHSA-j89h-qrvr-xc36		https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
v1.13.13		https://github.com/cilium/cilium/releases/tag/v1.13.13
v1.14.8		https://github.com/cilium/cilium/releases/tag/v1.14.8
v1.15.2		https://github.com/cilium/cilium/releases/tag/v1.15.2

No exploits are available.

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/cilium/cilium

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/cilium/cilium/releases/tag/v1.13.13

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/ Found at https://github.com/cilium/cilium/releases/tag/v1.13.13

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/cilium/cilium/releases/tag/v1.14.8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/ Found at https://github.com/cilium/cilium/releases/tag/v1.14.8

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/cilium/cilium/releases/tag/v1.15.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/ Found at https://github.com/cilium/cilium/releases/tag/v1.15.2

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-19T14:34:32Z/ Found at https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-28249

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.53939
EPSS Score	0.00302
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:32:11.734794+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/28xxx/CVE-2024-28249.json	38.6.0