Vulnerability DatabaseCVE-2024-7598
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-7598
March 20, 2025
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.
Related ResourcesĀ (6)
https://nvd.nist.gov/vuln/detail/CVE-2024-7598
https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc
https://github.com/kubernetes/kubernetes
https://github.com/kubernetes/kubernetes/issues/126587
http://www.openwall.com/lists/oss-security/2025/03/20/2
https://github.com/advisories/GHSA-r56h-j38w-hrqq
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.1
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
EPSS
Base Score:
0.02