How severe is CVE-2024-42488?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-42488?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2024-42488 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. This issue has been patched in Cilium v1.14.14 and v1.15.8 As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected.

Related Vulnerabilities

CVE-2016-10798

MEDIUM

CVSS:6.8(Medium)

cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).

CWE-3622016

CVE-2018-12691

MEDIUM

CVSS:6.8(Medium)

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data pl...

CWE-3622018

CVE-2020-3163

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. T...

CWE-3622020

CVE-2021-20316

MEDIUM

CVSS:6.8(Medium)

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of th...

CWE-3622021

CVE-2021-4203

MEDIUM

CVSS:6.8(Medium)

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with...

CWE-3622021

CVE-2023-49706

MEDIUM

CVSS:6.8(Medium)

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions o...

CWE-3622023