Race Condition Affecting github.com/cilium/cilium/pkg/endpointmanager package, versions <1.14.14>=1.15.0 <1.15.8


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.06% (31st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-GOLANG-GITHUBCOMCILIUMCILIUMPKGENDPOINTMANAGER-7689042
  • published16 Aug 2024
  • disclosed15 Aug 2024
  • creditSatish Kumar Matti

Introduced: 15 Aug 2024

CVE-2024-42488  (opens in a new tab)
CWE-362  (opens in a new tab)

How to fix?

Upgrade github.com/cilium/cilium/pkg/endpointmanager to version 1.14.14, 1.15.8 or higher.

Overview

github.com/cilium/cilium/pkg/endpointmanager is a package that manages the list of all local endpoints.

Affected versions of this package are vulnerable to Race Condition. An attacker can bypass the Host Firewall policy by exploiting the timing window where labels are not correctly applied to a node, causing CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply.

Workaround

This vulnerability can be mitigated by restarting the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected.

CVSS Scores

version 4.0
version 3.1