THREATINT
PUBLISHED

CVE-2024-5042

Submariner-operator: rbac permissions can allow for the spread of node compromises



Description

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

Reserved 2024-05-17 | Published 2024-05-17 | Updated 2025-04-07 | Assigner redhat


MEDIUM: 6.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N)

Problem types

Execution with Unnecessary Privileges

Product status

Default status
unaffected

Any version before 0.14.9
affected

0.15.0 before 0.15.5
affected

0.16.0 before 0.16.7
affected

0.17.0 before 0.17.2
affected

0.18.0-m0 before 0.18.0-rc0
affected

Default status
affected

v4.16.0-19 before *
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2024-05-15: Reported to Red Hat.
2024-05-16: Made public.

References

access.redhat.com/errata/RHSA-2024:4591 (RHSA-2024:4591) vendor-advisory

access.redhat.com/security/cve/CVE-2024-5042 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2280921 (RHBZ#2280921) issue-tracking

github.com/advisories/GHSA-2rhx-qhxp-5jpw

cve.org (CVE-2024-5042)

nvd.nist.gov (CVE-2024-5042)
