Affected by GO-2022-0457
and 16 other vulnerabilities
GO-2022-0457: Access to Unix domain socket can lead to privileges escalation in Cilium in github.com/cilium/cilium
GO-2022-0458: Improper Privilege Management in Cilium in github.com/cilium/cilium
GO-2022-0959: Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
GO-2023-1643: Potential network policy bypass when routing IPv6 traffic in github.com/cilium/cilium
GO-2023-1730: Debug mode leaks confidential data in Cilium in github.com/cilium/cilium
GO-2023-1785: Potential HTTP policy bypass when using header rules in Cilium in github.com/cilium/cilium
GO-2023-2078: Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
GO-2023-2079: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
GO-2023-2080: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy in github.com/cilium/cilium
GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium
GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium
GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
GO-2026-4856: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
GO-2026-5400: Cillium exposes sensitive information included in the cilium-bugtool debug archive in github.com/cilium/cilium
GO-2026-5905: Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access in github.com/cilium/cilium
GO-2026-5914: CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium
Enqueue enqueues the receiving function `f` to be executed by the function
queue. Depending on the size of the function queue and the amount
of functions queued, this function can block until the function queue
is ready to receive more requests.
If `f` returns an error, `waitFunc` will be executed and, depending on the
return value of `waitFunc`, `f` will be executed again or not.
The return value of `f` will not be logged and it's up to the caller to log
it properly.
Stop stops the function queue from processing the functions on the queue.
If there are functions in the queue waiting for them to be processed, they
won't be executed.
Wait until the FunctionQueue is stopped, or the specified context deadline
expires. Returns the error from the context, or nil if the FunctionQueue
was completed before the context deadline.
WaitFunc will be invoked each time a queued function has returned an error.
nRetries will be set to the number of consecutive execution failures that
have occurred so far. The WaitFunc must return true if execution must be
retried or false if the function must be returned from the queue.