x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-j89h-qrvr-xc36

[GoVulnBot]

In GitHub Security Advisory GHSA-j89h-qrvr-xc36, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/cilium/cilium	1.15.2	>= 1.15.0, < 1.15.2

Cross references:

• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-c66w-hq56-4q97 #393 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29179 #458 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-wc5v-r48v-g4vh #530 NOT_GO_CODE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pfhr-pccp-hwmh #959 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4hc4-pgfx-3mrx #1642 NOT_GO_CODE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-8fg8-jh2h-f2hc #1643 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-r5x6-w42p-jhpp #1644 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-2h44-x2wx-49f4 #1785 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-gj2r-phwg-6rww #2078 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-24m5-r6hv-ccgp #2079 EFFECTIVELY_PRIVATE
• Module github.com/cilium/cilium appears in issue x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4xp2-w642-7mcx #2080 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cilium/cilium
      versions:
        - introduced: 1.15.0
          fixed: 1.15.2
      vulnerable_at: 1.15.1
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - introduced: 1.14.0
          fixed: 1.14.8
      vulnerable_at: 1.14.7
      packages:
        - package: github.com/cilium/cilium
    - module: github.com/cilium/cilium
      versions:
        - fixed: 1.13.13
      vulnerable_at: 1.13.12
      packages:
        - package: github.com/cilium/cilium
summary: Unencrypted traffic between nodes when using IPsec and L7 policies
cves:
    - CVE-2024-28249
ghsas:
    - GHSA-j89h-qrvr-xc36
references:
    - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36
    - advisory: https://github.com/advisories/GHSA-j89h-qrvr-xc36

[gopherbot]

Change https://go.dev/cl/573675 mentions this issue: data/reports: add GO-2024-2656.yaml