SCA: security update for github.com/cilium/cilium (GHSA-pwqm-x5x6-5586)

medium Tenable Cloud Security Plugin ID 417751

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec
transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent
encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, and replay
attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number
collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys
for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is
fixed in 1.13.13, 1.14.9, and 1.15.3. (CVE-2024-28860)

See Also

https://github.com/advisories/GHSA-pwqm-x5x6-5586

Plugin Details

Severity: Medium

ID: 417751

Version: Revision 1.9

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2024-28860

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 3/28/2024

Vulnerability Publication Date: 3/27/2024

Reference Information

CVE: CVE-2024-28860

CWE: CWE-326