CVE-2024-42488

MEDIUM EPSS 39.0%
Published Aug 15, 20241y ago · Modified Jun 17, 20261w ago
6.8 CVSS 3.1
Medium
Find Similar
Published Aug 15, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. This issue has been patched in Cilium v1.14.14 and v1.15.8 As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected.

CVSS Details

Base Score
6.8
Exploitability
2.2
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
39.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 2

VendorProductVersionRange
ciliumcilium* <1.14.14
ciliumcilium*≥1.15.0  –  <1.15.8

References 3

  • github.com https://github.com/cilium/cilium/commit/aa44dd148a9be95e07782e4f990e61678ef0abf8
    Patch
  • github.com https://github.com/cilium/cilium/pull/33511
    PatchThird Party Advisory
  • github.com https://github.com/cilium/cilium/security/advisories/GHSA-q7w8-72mr-vpgw
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/cilium/cilium/commit/aa44dd148a9be95e07782e4f990e61678ef0abf8
    Patch
  • github.com https://github.com/cilium/cilium/pull/33511
    PatchThird Party Advisory
  • github.com https://github.com/cilium/cilium/security/advisories/GHSA-q7w8-72mr-vpgw
    PatchThird Party Advisory