Summary:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, whereas the specification requires that request methods be respected before headers are matched. This could result in unexpected security-related behaviour. This issue is fixed in Cilium v1.15.8 and v1.16.1. There is no workaround for this issue.
Severity: Low
Advisory ID: KylinSec-SA-2025-2433
Publication date: 2025-05-30
Related CVE: CVE-2024-42487
Cilium is a solution that combines network connectivity, observability, and security functions, with a dataplane implemented on eBPF. In versions of the 1.15 branch prior to 1.15.8 and versions of the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence rules defined in the specification. Specifically, request headers are matched before request methods, while the specification requires that request methods be handled before header matching. This deviation can lead to unexpected security-related behaviour. The issue has been fixed in Cilium v1.15.8 and v1.16.1. There is currently no workaround for this vulnerability.
CVE name | Product | Component | Affected? |
---|---|---|---|
CVE-2024-42487 | KY3.4-5A | cilium | Unaffected |
CVE-2024-42487 | V6 | cilium | Unaffected |
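As an added illustration (not Cilium's code and not part of this advisory), the following Python models the Gateway API HTTPRoute match precedence and lets an operator check whether a given route set and request would be routed differently under the affected header-before-method ordering; the route names, the sample routes and the sample request are constructed.

```python
# Added example (not Cilium's code): minimal model of Gateway API HTTPRoute match
# precedence, showing how ordering headers before method changes the winning route.
from dataclasses import dataclass, field

@dataclass
class RouteMatch:
    name: str                       # hypothetical route name, for illustration only
    path: str = "/"
    path_type: str = "PathPrefix"   # "Exact" or "PathPrefix"
    method: str = ""                # empty = any method
    headers: dict = field(default_factory=dict)
    query: dict = field(default_factory=dict)

def matches(m, req):
    """True if the request satisfies every condition of the match."""
    if m.path_type == "Exact" and req["path"] != m.path:
        return False
    if m.path_type == "PathPrefix" and not req["path"].startswith(m.path):
        return False
    if m.method and req["method"] != m.method:
        return False
    hdrs = {k.lower(): v for k, v in req["headers"].items()}  # header names are case-insensitive
    if any(hdrs.get(k.lower()) != v for k, v in m.headers.items()):
        return False
    return all(req["query"].get(k) == v for k, v in m.query.items())

def select_route(routes, req, headers_before_method=False):
    """Spec precedence: exact path, longest prefix, method, most headers, most
    query params. headers_before_method=True reproduces the affected ordering."""
    cands = [r for r in routes if matches(r, req)]
    if not cands:
        return None
    def rank(r):
        path = (r.path_type == "Exact", len(r.path))
        meth, hdr = bool(r.method), len(r.headers)
        mid = (hdr, meth) if headers_before_method else (meth, hdr)
        return path + mid + (len(r.query),)
    return max(cands, key=rank).name

def precedence_diverges(routes, req):
    """True if the fixed and affected orderings route this request differently."""
    return select_route(routes, req) != select_route(routes, req, True)

# Constructed sample: same prefix, one match by method, one by header.
ROUTES = [
    RouteMatch("delete-via-audited-backend", path="/api", method="DELETE"),
    RouteMatch("debug-backend", path="/api", headers={"X-Debug": "1"}),
]
REQ = {"method": "DELETE", "path": "/api/items/7",
       "headers": {"X-Debug": "1"}, "query": {}}
```

Running `precedence_diverges(ROUTES, REQ)` over a deployment's own routes and representative requests flags route sets whose behaviour depends on the precedence that affected versions get wrong.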