{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T23:20:59.328","vulnerabilities":[{"cve":{"id":"CVE-2024-47825","sourceIdentifier":"security-advisories@github.com","published":"2024-10-21T19:15:03.500","lastModified":"2024-12-19T15:59:27.760","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) and this narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`. Note that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using `enableDefaultDeny: false` or that set `toEntities` to `all`, some workarounds are available. For users with policies using `enableDefaultDeny: false`, remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify `toEntities: all`, use `toEntities: world`."},{"lang":"es","value":"Cilium es una solución de redes, observabilidad y seguridad con un plano de datos basado en eBPF. A partir de la versión 1.14.0 y antes de las versiones 1.14.16 y 1.15.10, una regla de política que deniegue un prefijo más amplio que `/32` puede ignorarse si hay una regla de política que haga referencia a un prefijo más estrecho (`CIDRSet` o `toFQDN`) y esta regla de política más estrecha especifica `enableDefaultDeny: false` o `- toEntities: all`. Tenga en cuenta que una regla que especifique `toEntities: world` o `toEntities: 0.0.0.0/0` no es suficiente, debe ser para la entidad `all`. Este problema se ha corregido en Cilium v1.14.16 y v1.15.10. Como este problema solo afecta a las políticas que utilizan `enableDefaultDeny: false` o que establecen `toEntities` en `all`, hay algunas soluciones alternativas disponibles. Para los usuarios con políticas que utilizan `enableDefaultDeny: false`, elimine esta opción de configuración y defina explícitamente las reglas de permiso requeridas. Para los usuarios con políticas de salida que especifican explícitamente `toEntities: all`, utilice `toEntities: world`."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.14.16","matchCriteriaId":"E72A812D-F216-4165-A98F-AAF9042ECE26"},{"vulnerable":true,"criteria":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.10","matchCriteriaId":"430A4DEE-E609-4186-A882-E0E424D6F232"}]}]}],"references":[{"url":"https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}