CVE-2024-7598

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Mar 20, 2025

CWE ID 362

Summary

CVE-2024-7598 is a newly disclosed vulnerability in Kubernetes. During the deletion of a namespace, the order of object deletion is undefined, allowing a malicious or compromised pod to bypass network restrictions enforced by network policies. This occurs when network policies are deleted before the pods they protect, resulting in a brief period where the pods operate outside of intended network policies. This vulnerability poses a risk to connections to and from the affected pods during namespace termination.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Kubernetes API

Affected Vendors

Cloud Native Computing Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xlPV_2
https://www.cve.org/CVERecord?id=CVE-2024-7598
https://nvd.nist.gov/vuln/detail/CVE-2024-7598

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners