PT-2024-29985 · Cilium · Cilium
Skmatti · Published 2024-08-15 · Updated 2024-09-27 · CVE-2024-42488
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cilium versions prior to 1.14.14
Cilium versions 1.15.0 through 1.15.7
Description
A race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node, leading to policy bypass. This could cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply.
Recommendations
For Cilium versions prior to 1.14.14, update to version 1.14.14 or later.
For Cilium versions 1.15.0 through 1.15.7, update to version 1.15.8 or later.
As a temporary workaround, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected.
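The affected ranges and fixed releases listed above can be applied to an inventory of agent versions to decide which nodes need the upgrade. This is an added example, not part of the advisory or of Cilium's own tooling; the node names and versions in the sample are constructed, and the script assumes that tags carrying a pre-release or build suffix are set aside for manual review.

```python
import re

# Fixed releases and affected range exactly as stated in the advisory text.
FIXED_1_14 = (1, 14, 14)                 # "prior to 1.14.14" is affected
RANGE_1_15 = ((1, 15, 0), (1, 15, 7))    # "1.15.0 through 1.15.7" is affected

# Accept plain X.Y.Z with an optional leading "v". Anything else (suffixes,
# "latest", digests) is not compared, so it cannot be silently misclassified.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(tag):
    """Return (major, minor, patch) for a tag such as 'v1.15.6', else None."""
    m = _VERSION_RE.match(tag.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def triage(tag):
    """Classify one agent version as (status, upgrade_target)."""
    version = parse_version(tag)
    if version is None:
        return ("unknown", None)          # resolve the real version by hand
    if version < FIXED_1_14:
        return ("affected", "1.14.14")
    if RANGE_1_15[0] <= version <= RANGE_1_15[1]:
        return ("affected", "1.15.8")
    return ("not-listed", None)           # outside the ranges the advisory names


def triage_fleet(inventory):
    """inventory is {node_name: agent_version_tag}; returns {node: triage}."""
    return {node: triage(tag) for node, tag in inventory.items()}


# Constructed sample inventory (hypothetical node names and versions).
SAMPLE_INVENTORY = {
    "node-a": "v1.14.13",
    "node-b": "v1.15.7",
    "node-c": "v1.15.8",
    "node-d": "latest",
}

if __name__ == "__main__":
    for node, (status, target) in sorted(triage_fleet(SAMPLE_INVENTORY).items()):
        action = f"upgrade to {target} or later" if target else "no action listed"
        print(f"{node}: {status} ({action})")
```

Nodes reported as `unknown` still need their actual agent version confirmed before they can be ruled out.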
Exploit
Fix
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Cilium