一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

受影响版本排查(受影响/不受影响)：

1.master(1.29.1):

2.openEuler-20.03-LTS-SP4(1.20.2):

3.openEuler-22.03-LTS-SP3(1.20.2):

4.openEuler-22.03-LTS-SP4(1.20.2):

5.openEuler-24.03-LTS(1.29.1):

6.openEuler-24.03-LTS-Next(1.29.1):

7.openEuler-24.03-LTS-SP1(1.29.1):

修复是否涉及abi变化(是/否)：

1.master(1.29.1):

2.openEuler-20.03-LTS-SP4(1.20.2):

3.openEuler-22.03-LTS-SP3(1.20.2):

4.openEuler-22.03-LTS-SP4(1.20.2):

5.openEuler-24.03-LTS(1.29.1):

6.openEuler-24.03-LTS-Next(1.29.1):

7.openEuler-24.03-LTS-SP1(1.29.1):

原因说明：

1.master(1.29.1):

2.openEuler-20.03-LTS-SP4(1.20.2):

3.openEuler-22.03-LTS-SP3(1.20.2):

4.openEuler-22.03-LTS-SP4(1.20.2):

5.openEuler-24.03-LTS(1.29.1):

6.openEuler-24.03-LTS-Next(1.29.1):

7.openEuler-24.03-LTS-SP1(1.29.1):

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

openEuler评分：

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |

| go | https://github.com/advisories/GHSA-r56h-j38w-hrqq | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://nvd.nist.gov/vuln/detail/CVE-2024-7598 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://github.com/kubernetes/kubernetes/issues/126587 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |

| go | https://github.com/advisories/GHSA-r56h-j38w-hrqq | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://nvd.nist.gov/vuln/detail/CVE-2024-7598 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://github.com/kubernetes/kubernetes/issues/126587 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7598 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://seclists.org/oss-sec/2025/q1/234 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-7598 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://github.com/kubernetes/kubernetes/issues/126587 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/7xxx/CVE-2024-7598.json | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2353913 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |

| go | https://github.com/advisories/GHSA-r56h-j38w-hrqq | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://nvd.nist.gov/vuln/detail/CVE-2024-7598 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://github.com/kubernetes/kubernetes/issues/126587 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| osv | https://github.com/kubernetes/kubernetes/issues/126587 | https://osv.dev/vulnerability/CVE-2024-7598 |

| osv | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://osv.dev/vulnerability/CVE-2024-7598 |

| osv | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://osv.dev/vulnerability/CVE-2024-7598 |

| osv | https://security-tracker.debian.org/tracker/CVE-2024-7598 | https://osv.dev/vulnerability/CVE-2024-7598 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

在 Kubernetes 中发现了一个安全问题，恶意或被入侵的 pod 可在命名空间删除过程中绕过网络策略强制执行的网络限制。命名空间终止期间删除对象的顺序没有定义，网络策略有可能在其保护的 pod 之前被删除。这可能导致在一段短暂的时间内，虽然 pod 仍在运行，但本应适用于 pod 之间连接的网络策略却没有执行。

openEuler评分：

3.1

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

受影响版本排查(受影响/不受影响)：

3.openEuler-22.03-LTS-SP3(1.20.2):受影响

4.openEuler-22.03-LTS-SP4(1.20.2):受影响

5.openEuler-24.03-LTS(1.29.1):受影响

6.openEuler-24.03-LTS-Next(1.29.1):受影响

7.openEuler-24.03-LTS-SP1(1.29.1):受影响

修复是否涉及abi变化(是/否)：

3.openEuler-22.03-LTS-SP3(1.20.2):否

4.openEuler-22.03-LTS-SP4(1.20.2):否

5.openEuler-24.03-LTS(1.29.1):否

6.openEuler-24.03-LTS-Next(1.29.1):否

7.openEuler-24.03-LTS-SP1(1.29.1):否

原因说明：

3.openEuler-22.03-LTS-SP3(1.20.2):暂不修复-暂无解决方案或补丁

4.openEuler-22.03-LTS-SP4(1.20.2):暂不修复-暂无解决方案或补丁

5.openEuler-24.03-LTS(1.29.1):暂不修复-暂无解决方案或补丁

6.openEuler-24.03-LTS-Next(1.29.1):暂不修复-暂无解决方案或补丁

7.openEuler-24.03-LTS-SP1(1.29.1):暂不修复-暂无解决方案或补丁

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7598 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://seclists.org/oss-sec/2025/q1/234 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-7598 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://github.com/kubernetes/kubernetes/issues/126587 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/7xxx/CVE-2024-7598.json | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2353913 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |

| go | https://github.com/advisories/GHSA-r56h-j38w-hrqq | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://nvd.nist.gov/vuln/detail/CVE-2024-7598 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://github.com/kubernetes/kubernetes/issues/126587 | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| go | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://github.com/golang/vulndb/blob/master/reports/GO-2025-3547.yaml |

| osv | https://github.com/kubernetes/kubernetes/issues/126587 | https://osv.dev/vulnerability/CVE-2024-7598 |

| osv | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://osv.dev/vulnerability/CVE-2024-7598 |

| osv | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://osv.dev/vulnerability/CVE-2024-7598 |

| osv | https://security-tracker.debian.org/tracker/CVE-2024-7598 | https://osv.dev/vulnerability/CVE-2024-7598 |

</details>

漏洞分析指导链接：

https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md

漏洞数据来源:

openBrain开源漏洞感知系统

漏洞补丁信息：

<details>

<summary>详情(点击展开)</summary>

无

</details>

二、漏洞分析结构反馈

影响性分析说明：

在 Kubernetes 中发现了一个安全问题，恶意或被入侵的 pod 可在命名空间删除过程中绕过网络策略强制执行的网络限制。命名空间终止期间删除对象的顺序没有定义，网络策略有可能在其保护的 pod 之前被删除。这可能导致在一段短暂的时间内，虽然 pod 仍在运行，但本应适用于 pod 之间连接的网络策略却没有执行。

openEuler评分：

3.1

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

受影响版本排查(受影响/不受影响)：

1.master(1.29.1):受影响

2.openEuler-20.03-LTS-SP4(1.20.2):受影响

3.openEuler-22.03-LTS-SP3(1.20.2):受影响

4.openEuler-22.03-LTS-SP4(1.20.2):受影响

5.openEuler-24.03-LTS(1.29.1):受影响

6.openEuler-24.03-LTS-Next(1.29.1):受影响

7.openEuler-24.03-LTS-SP1(1.29.1):受影响

一、漏洞信息

漏洞编号：[CVE-2024-7598](https://nvd.nist.gov/vuln/detail/CVE-2024-7598)

漏洞归属组件：[kubernetes](https://gitee.com/src-openeuler/kubernetes)

漏洞归属的版本：1.18.6,1.20.2,1.24.0,1.25.3,1.29.1

CVSS V3.0分值：

BaseScore：3.1 Low

Vector：CVSS：3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

漏洞简述：

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced.

漏洞公开时间：2025-03-21 01:15:37

漏洞创建时间：2025-03-21 01:29:31

漏洞详情参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2024-7598

<details>

<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |

| ------- | -------- | -------- |

| jordan.liggitt.net | https://github.com/kubernetes/kubernetes/issues/126587 | |

| jordan.liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | |

| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/03/20/2 | |

| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7598 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://seclists.org/oss-sec/2025/q1/234 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-7598 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://github.com/kubernetes/kubernetes/issues/126587 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | http://www.openwall.com/lists/oss-security/2025/03/20/2 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/7xxx/CVE-2024-7598.json | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2353913 | https://bugzilla.suse.com/show_bug.cgi?id=1240110 |

| debian | | https://security-tracker.debian.org/tracker/CVE-2024-7598 |