CVE-2024-7598

LOW

Kubernetes - Network Policy Bypass via Namespace Deletion Race Condition

Title source: llm

Description

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

References (3)

Core 3

Core References

Mailing List mailing-list

https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc

Mailing List

http://www.openwall.com/lists/oss-security/2025/03/20/2

Issue Tracking issue-tracking vendor-advisory

https://github.com/kubernetes/kubernetes/issues/126587

Scores

CVSS v3 3.1

EPSS 0.0028

EPSS Percentile 19.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (3)

kubernetes/cmd 1.3.0Go

Kubernetes/kube-apiserver < 1.3.0

Kubernetes/kube-apiserver 1.3.0

Published Mar 20, 2025

Tracked Since Feb 18, 2026