CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-47825: A policy rule denying a prefix that is broader than /32 may be ignored if:
1. There is a policy rule referencing a more narrow prefix (CIDRSet or toFQDN), and
2. This narrower policy rule specifies either enableDefaultDeny: false or - toEntities: all

Note that a rule specifying toEntities: world or toEntities: 0.0.0.0/0 is insufficient; it must be to entity all. As an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:

```yaml
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: block-scary-range
spec:
  endpointSelector: {}
  egressDeny:
  - toCIDRSet:
    - cidr: 1.0.0.0/8
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: evade-deny
spec:
  endpointSelector: {}
  egress:
  - toCIDR:
    - 1.1.1.2/32
  - toEntities:
    - all
```
| CVSS 4 | Cilium | - | Patched | |
CVE-2022-31220: Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures. | CVSS 5.1 | Dell | - | Patched |