Network Policy Bypass Vulnerability in Kubernetes by The Cloud Native Computing Foundation
CVE-2024-7598

3.1LOW

Key Information:

Vendor
Kubernetes
Status
Kube-apiserver
Vendor
CVE Published:
20 March 2025

Summary

A vulnerability in Kubernetes has been identified that enables a malicious or compromised pod to bypass network restrictions set by network policies during the deletion of namespaces. This issue arises because the Kubernetes deletion process does not guarantee a defined order of object deletion. As a result, network policies may be removed before the pods they are intended to protect are terminated. This window of vulnerability allows the pods to continue running without the enforcement of the necessary network policies, potentially exposing the system to unauthorized access and exploitation.

Affected Version(s)

kube-apiserver 1.3.0

kube-apiserver 0 < 1.3.0

References

https://github.com/kubernetes/kubernetes/issues/126587
issue-trackingvendor-advisory
https://groups.google.com/g/kubernetes-security-announce/...
mailing-list

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aaron Coffey
John McGuinness
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.