CVE-2024-7598Race Condition in Kubernetes CMD Kube-apiserver

CWE-362Race Condition9 documents7 sources
Severity
3.1LOWNVD
EPSS
0.0%
top 95.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
KubernetesK8s.io Kubernetes CMD Kube-apiserverKubernetes Kube-apiserver+1 more
Timeline
PublishedMar 20
Latest updateMar 25

Description

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

Debiankubernetes/kubernetes< 1.20.5+really1.20.2-1+3
CVEListV5kubernetes/kube-apiserver1.3.0

🔴Vulnerability Details

5
OSV
Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes2025-03-25
GHSA
Kubernetes kube-apiserver Vulnerable to Race Condition2025-03-20
CVEList
Network restriction bypass via race condition during namespace termination2025-03-20
OSV
CVE-2024-7598: A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies duri2025-03-20
OSV
Kubernetes kube-apiserver Vulnerable to Race Condition2025-03-20

📋Vendor Advisories

3
Red Hat
kube-apiserver: Network restriction bypass via race condition during namespace termination2025-03-20
Microsoft
Network restriction bypass via race condition during namespace termination2025-03-11
Debian
CVE-2024-7598: kubernetes - A security issue was discovered in Kubernetes where a malicious or compromised p...2024
CVE-2024-7598 — Race Condition | cvebase