cvelistv5 - cve-2023-29002

CVE-2023-29002 (GCVE-0-2023-29002)

Vulnerability from cvelistv5 – Published: 2023-04-18 21:21 – Updated: 2025-02-05 20:54

Summary

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-532 - Insertion of Sensitive Information into Log File

Assigner

GitHub_M

References

URL

Tags

https://github.com/cilium/cilium/security/advisor…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	cilium	cilium	Affected: >= 1.7, < 1.11.16 Affected: >= 1.12.0, < 1.12.9 Affected: >= 1.13.0, < 1.13.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:39.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T20:54:41.081103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T20:54:52.695Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cilium",
          "vendor": "cilium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.7, \u003c 1.11.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.12.0, \u003c 1.12.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.13.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T21:21:11.033Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
        }
      ],
      "source": {
        "advisory": "GHSA-pg5p-wwp8-97g8",
        "discovery": "UNKNOWN"
      },
      "title": "Debug mode leaks confidential data in Cilium"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-29002",
    "datePublished": "2023-04-18T21:21:11.033Z",
    "dateReserved": "2023-03-29T17:39:16.142Z",
    "dateUpdated": "2025-02-05T20:54:52.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.7.0\", \"versionEndExcluding\": \"1.11.16\", \"matchCriteriaId\": \"4AFD7B49-00F8-4038-AE8C-AA01DA212E38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.12.0\", \"versionEndExcluding\": \"1.12.9\", \"matchCriteriaId\": \"A8371AD7-2C69-4584-B0C3-2AB4E632FC37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.13.0\", \"versionEndExcluding\": \"1.13.2\", \"matchCriteriaId\": \"B2A8D7A6-200B-443C-B171-512964293B8D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.\"}]",
      "id": "CVE-2023-29002",
      "lastModified": "2024-11-21T07:56:22.330",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.2}]}",
      "published": "2023-04-18T22:15:07.897",
      "references": "[{\"url\": \"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-29002\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-04-18T22:15:07.897\",\"lastModified\":\"2024-11-21T07:56:22.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndExcluding\":\"1.11.16\",\"matchCriteriaId\":\"4AFD7B49-00F8-4038-AE8C-AA01DA212E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndExcluding\":\"1.12.9\",\"matchCriteriaId\":\"A8371AD7-2C69-4584-B0C3-2AB4E632FC37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.13.2\",\"matchCriteriaId\":\"B2A8D7A6-200B-443C-B171-512964293B8D\"}]}]}],\"references\":[{\"url\":\"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\", \"name\": \"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T13:51:39.124Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29002\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-05T20:54:41.081103Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-05T20:54:47.198Z\"}}], \"cna\": {\"title\": \"Debug mode leaks confidential data in Cilium\", \"source\": {\"advisory\": \"GHSA-pg5p-wwp8-97g8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"cilium\", \"product\": \"cilium\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.7, \u003c 1.11.16\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.12.0, \u003c 1.12.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.13.0, \u003c 1.13.2\"}]}], \"references\": [{\"url\": \"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\", \"name\": \"https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532: Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-04-18T21:21:11.033Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-29002\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-05T20:54:52.695Z\", \"dateReserved\": \"2023-03-29T17:39:16.142Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-04-18T21:21:11.033Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-PG5P-WWP8-97G8

Vulnerability from github – Published: 2023-04-19 18:16 – Updated: 2023-04-19 18:16

Summary

Debug mode leaks confidential data in Cilium

Details

Impact

When run in debug mode, Cilium may log sensitive information.

In particular, Cilium running in debug mode will log the values of headers if they match HTTP network policy rules. This issue affects Cilium versions:

1.7. to 1.10. inclusive
1.11.* before 1.11.16
1.12.* before 1.12.9
1.13.* before 1.13.2

In addition, Cilium 1.12. before 1.12.9 and 1.13. before 1.13.2., when running in debug mode, might log secrets used by the Cilium agent. This includes TLS private keys for Ingress and GatewayAPI resources, depending on the configuration of the affected cluster. Output of the confidential data would occur at Cilium agent restart, when the secrets are modified, and on creation of Ingress or GatewayAPI resources.

Patches

This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2.

Workarounds

Disable debug mode.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @meyskens for investigating and fixing the issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

As usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "last_affected": "1.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29002"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-19T18:16:51Z",
    "nvd_published_at": "2023-04-18T22:15:07Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWhen run in debug mode, Cilium may log sensitive information.\n\nIn particular, Cilium running in debug mode will log the values of headers if they match HTTP network policy rules. This issue affects Cilium versions:\n\n- 1.7.* to 1.10.* inclusive\n- 1.11.* before 1.11.16\n- 1.12.* before 1.12.9\n- 1.13.* before 1.13.2\n\nIn addition, Cilium 1.12.* before 1.12.9 and 1.13.* before 1.13.2., when running in debug mode, might log secrets used by the Cilium agent. This includes TLS private keys for Ingress and GatewayAPI resources, depending on the configuration of the affected cluster. Output of the confidential data would occur at Cilium agent restart, when the secrets are modified, and on creation of Ingress or GatewayAPI resources.\n\n### Patches\n\nThis vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2.\n\n### Workarounds\nDisable debug mode.\n\n### Acknowledgements\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @meyskens for investigating and fixing the issue.\n\n### For more information\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs usual, if you think you found a related vulnerability, we strongly encourage you to report security vulnerabilities to our private security mailing list: [security@cilium.io](mailto:security@cilium.io) - first, before disclosing them in any public forums. This is a private mailing list where only members of the Cilium internal security team are subscribed to, and is treated as top priority.\n",
  "id": "GHSA-pg5p-wwp8-97g8",
  "modified": "2023-04-19T18:16:51Z",
  "published": "2023-04-19T18:16:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29002"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Debug mode leaks confidential data in Cilium"
}

GSD-2023-29002

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-29002

Aliases

CVE-2023-29002

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-29002",
    "id": "GSD-2023-29002"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-29002"
      ],
      "details": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.",
      "id": "GSD-2023-29002",
      "modified": "2023-12-13T01:20:56.972990Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-29002",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "cilium",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 1.7, \u003c 1.11.16"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 1.12.0, \u003c 1.12.9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 1.13.0, \u003c 1.13.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "cilium"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-532",
                "lang": "eng",
                "value": "CWE-532: Insertion of Sensitive Information into Log File"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8",
            "refsource": "MISC",
            "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-pg5p-wwp8-97g8",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.7.0 \u003c=1.11.16||\u003e=1.12.0 \u003c1.12.9||\u003e=1.13.0 \u003c1.13.2",
          "affected_versions": "All versions starting from 1.7.0 up to 1.11.16, all versions starting from 1.12.0 before 1.12.9, all versions starting from 1.13.0 before 1.13.2",
          "cwe_ids": [
            "CWE-1035",
            "CWE-532",
            "CWE-937"
          ],
          "date": "2023-04-19",
          "description": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.",
          "fixed_versions": [
            "1.12.9",
            "1.13.2"
          ],
          "identifier": "CVE-2023-29002",
          "identifiers": [
            "GHSA-pg5p-wwp8-97g8",
            "CVE-2023-29002"
          ],
          "not_impacted": "All versions before 1.7.0, all versions after 1.11.16 before 1.12.0, all versions starting from 1.12.9 before 1.13.0, all versions starting from 1.13.2",
          "package_slug": "go/github.com/cilium/cilium",
          "pubdate": "2023-04-19",
          "solution": "Upgrade to versions 1.12.9, 1.13.2 or above.",
          "title": "Insertion of Sensitive Information into Log File",
          "urls": [
            "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-29002",
            "https://github.com/advisories/GHSA-pg5p-wwp8-97g8"
          ],
          "uuid": "eff86b77-1102-464d-98ad-a02341aad2ae"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.13.2",
                "versionStartIncluding": "1.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.12.9",
                "versionStartIncluding": "1.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.16",
                "versionStartIncluding": "1.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-29002"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-05-04T13:01Z",
      "publishedDate": "2023-04-18T22:15Z"
    }
  }
}

FKIE_CVE-2023-29002

Vulnerability from fkie_nvd - Published: 2023-04-18 22:15 - Updated: 2024-11-21 07:56

Severity ?

7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8	Vendor Advisory

Impacted products

Vendor	Product	Version
cilium	cilium	*
cilium	cilium	*
cilium	cilium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AFD7B49-00F8-4038-AE8C-AA01DA212E38",
              "versionEndExcluding": "1.11.16",
              "versionStartIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8371AD7-2C69-4584-B0C3-2AB4E632FC37",
              "versionEndExcluding": "1.12.9",
              "versionStartIncluding": "1.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A8D7A6-200B-443C-B171-512964293B8D",
              "versionEndExcluding": "1.13.2",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode."
    }
  ],
  "id": "CVE-2023-29002",
  "lastModified": "2024-11-21T07:56:22.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-18T22:15:07.897",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-pg5p-wwp8-97g8"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-29002 (GCVE-0-2023-29002)

GHSA-PG5P-WWP8-97G8

Impact

Patches

Workarounds

Acknowledgements

For more information

GSD-2023-29002

FKIE_CVE-2023-29002

Tags

Sightings

Nomenclature