CWE-1038
Allowed-with-ReviewInsecure Automated Optimizations
Abstraction: Class · Status: Draft
The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.
10 vulnerabilities reference this CWE, most recent first.
CVE-2025-48877 (GCVE-0-2025-48877)
Vulnerability from cvelistv5 – Published: 2025-06-09 12:36 – Updated: 2025-06-09 15:17- CWE-1038 - Insecure Automated Optimizations
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/a… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:11:20.634452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:17:08.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.4"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta5"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta6-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site\u0027s `allowed_iframes`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038: Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:36:29.651Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv"
}
],
"source": {
"advisory": "GHSA-cm93-6m2m-cjcv",
"discovery": "UNKNOWN"
},
"title": "Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48877",
"datePublished": "2025-06-09T12:36:29.651Z",
"dateReserved": "2025-05-27T20:14:34.296Z",
"dateUpdated": "2025-06-09T15:17:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52971 (GCVE-0-2023-52971)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-05-12 15:31- CWE-1038 - Insecure Automated Optimizations
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:51:07.523280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:31:11.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.10",
"versionType": "custom"
},
{
"lessThan": "11.4.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:54:37.997Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32084"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52971",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-05-12T15:31:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52970 (GCVE-0-2023-52970)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28- CWE-1038 - Insecure Automated Optimizations
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T14:51:41.279300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:30:48.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:54.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.5.*",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.6.*",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
},
{
"lessThan": "11.4.*",
"status": "affected",
"version": "11.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-09T21:51:34.624Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32086"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52970",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:54.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52969 (GCVE-0-2023-52969)
Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28- CWE-1038 - Insecure Automated Optimizations
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T15:57:59.488189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T15:58:06.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:53.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "MariaDB",
"vendor": "MariaDB",
"versions": [
{
"lessThan": "10.5.*",
"status": "affected",
"version": "10.4",
"versionType": "custom"
},
{
"lessThan": "10.6.*",
"status": "affected",
"version": "10.6",
"versionType": "custom"
},
{
"lessThan": "10.11.*",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "11.0.*",
"status": "affected",
"version": "11.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038 Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T22:52:43.409Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://jira.mariadb.org/browse/MDEV-32083"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52969",
"datePublished": "2025-03-08T00:00:00.000Z",
"dateReserved": "2025-03-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:53.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-31220 (GCVE-0-2022-31220)
Vulnerability from cvelistv5 – Published: 2022-09-12 18:35 – Updated: 2024-09-16 16:28- CWE-1038 - Insecure Automated Optimizations
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/000202196 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "21Q4 platforms",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038: Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T18:35:17.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000202196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-08-05",
"ID": "CVE-2022-31220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21Q4 platforms"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures."
}
]
},
"impact": {
"cvss": {
"baseScore": 3,
"baseSeverity": "Low",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1038: Insecure Automated Optimizations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000202196",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000202196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-31220",
"datePublished": "2022-09-12T18:35:17.543Z",
"dateReserved": "2022-05-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:32.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26861 (GCVE-0-2022-26861)
Vulnerability from cvelistv5 – Published: 2022-09-06 20:15 – Updated: 2026-05-27 13:03- CWE-1038 - Insecure Automated Optimizations
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/000202194 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:37.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202194"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:56:14.298041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:03:13.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038: Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T20:15:20.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000202194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-08-04",
"ID": "CVE-2022-26861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.9,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1038: Insecure Automated Optimizations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000202194",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000202194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26861",
"datePublished": "2022-09-06T20:15:20.148Z",
"dateReserved": "2022-03-10T00:00:00.000Z",
"dateUpdated": "2026-05-27T13:03:13.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-3WWX-63FV-PFQ6
Vulnerability from github – Published: 2024-10-21 19:03 – Updated: 2024-10-21 21:41Impact
A policy rule denying a prefix that is broader than /32 may be ignored if there is
- A policy rule referencing a more narrow prefix (
CIDRSetortoFQDN) and - This narrower policy rule specifies either
enableDefaultDeny: falseor- toEntities: all
Note that a rule specifying toEntities: world or toEntities: 0.0.0.0/0 is insufficient, it must be to entity all.
As an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:
apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
name: block-scary-range
spec:
endpointSelector: {}
egressDeny:
- toCIDRSet:
- cidr: 1.0.0.0/8
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: evade-deny
spec:
endpointSelector: {}
egress:
- toCIDR:
- 1.1.1.2/32
- toEntities:
- all
Patches
This issue affects:
- Cilium v1.14 between v1.14.0 and v1.14.15 inclusive
- Cilium v1.15 between v1.15.0 and v1.15.9 inclusive
This issue has been patched in:
- Cilium v1.14.16
- Cilium v1.15.10
Workarounds
Users with policies using enableDefaultDeny: false can work around this issue by removing this configuration option and explicitly defining any allow rules required.
No workaround is available to users with egress policies that explicitly specify toEntities: all.
Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated with top priority.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cilium/cilium"
},
"ranges": [
{
"events": [
{
"introduced": "1.14.0"
},
{
"fixed": "1.14.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47825"
],
"database_specific": {
"cwe_ids": [
"CWE-1038",
"CWE-276"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-21T19:03:47Z",
"nvd_published_at": "2024-10-21T19:15:03Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA policy rule denying a prefix that is broader than /32 may be ignored if there is\n\n- A policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) **and**\n- This narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`\n\nNote that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.\n\nAs an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:\n\n```\napiVersion: cilium.io/v2\nkind: CiliumClusterwideNetworkPolicy\nmetadata:\n name: block-scary-range\nspec:\n endpointSelector: {}\n egressDeny:\n - toCIDRSet:\n - cidr: 1.0.0.0/8\n\n---\n\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n name: evade-deny\nspec:\n endpointSelector: {}\n egress:\n - toCIDR:\n - 1.1.1.2/32\n - toEntities:\n - all\n```\n\n### Patches\n\nThis issue affects:\n\n- Cilium v1.14 between v1.14.0 and v1.14.15 inclusive\n- Cilium v1.15 between v1.15.0 and v1.15.9 inclusive\n\nThis issue has been patched in:\n\n- Cilium v1.14.16\n- Cilium v1.15.10\n\n### Workarounds\n\nUsers with policies using `enableDefaultDeny: false` can work around this issue by removing this configuration option and explicitly defining any allow rules required.\n\nNo workaround is available to users with egress policies that explicitly specify `toEntities: all`.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated with top priority.\n",
"id": "GHSA-3wwx-63fv-pfq6",
"modified": "2024-10-21T21:41:15Z",
"published": "2024-10-21T19:03:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
},
{
"type": "WEB",
"url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
},
{
"type": "PACKAGE",
"url": "https://github.com/cilium/cilium"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cilium\u0027s CIDR deny policies may not take effect when a more narrow CIDR allow is present"
}
GHSA-G8XG-6V3J-W97F
Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-11-03 21:33MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., 11.0 through 11.0., and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
{
"affected": [],
"aliases": [
"CVE-2023-52970"
],
"database_specific": {
"cwe_ids": [
"CWE-1038"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-08T23:15:14Z",
"severity": "MODERATE"
},
"details": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.",
"id": "GHSA-g8xg-6v3j-w97f",
"modified": "2025-11-03T21:33:09Z",
"published": "2025-03-09T00:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52970"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-32086"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX7H-6FR6-J29H
Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-11-03 21:33MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., and 11.0 through 11.0. can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
{
"affected": [],
"aliases": [
"CVE-2023-52969"
],
"database_specific": {
"cwe_ids": [
"CWE-1038"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-08T23:15:14Z",
"severity": "MODERATE"
},
"details": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.",
"id": "GHSA-gx7h-6fr6-j29h",
"modified": "2025-11-03T21:33:08Z",
"published": "2025-03-09T00:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52969"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-32083"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J57W-CC2H-3W6W
Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-03-09 00:30MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fix_all_splittings_in_plan.
{
"affected": [],
"aliases": [
"CVE-2023-52971"
],
"database_specific": {
"cwe_ids": [
"CWE-1038"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-08T23:15:14Z",
"severity": "MODERATE"
},
"details": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.",
"id": "GHSA-j57w-cc2h-3w6w",
"modified": "2025-03-09T00:30:52Z",
"published": "2025-03-09T00:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52971"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-32084"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.