CVE-2024-5042
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
Summary
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 0.14.9 | affected | ||
0.15.0 < 0.15.5 | affected | ||
0.16.0 < 0.16.7 | affected | ||
0.17.0 < 0.17.2 | affected | ||
0.18.0-m0 < 0.18.0-rc0 | affected | ||
| Red Hat | RHODF-4.16-RHEL-9 | v4.16.0-19 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774540992 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774540668 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541259 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541345 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541880 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541518 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541420 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541448 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541663 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541469 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774542075 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541617 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541614 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541633 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541625 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541625 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774542179 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541779 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541857 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541919 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774541919 < * | unaffected |
| Red Hat | Red Hat Openshift Data Foundation 4.2 | 1774542101 < * | unaffected |
Weaknesses
- CWE-250: Execution with Unnecessary Privileges
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:4591
- https://access.redhat.com/security/cve/CVE-2024-5042
- https://bugzilla.redhat.com/show_bug.cgi?id=2280921
- https://github.com/advisories/GHSA-2rhx-qhxp-5jpw
References
- https://access.redhat.com/errata/RHSA-2024:4591
- https://access.redhat.com/errata/RHSA-2026:6503
- https://access.redhat.com/security/cve/CVE-2024-5042
- https://bugzilla.redhat.com/show_bug.cgi?id=2280921
- https://github.com/advisories/GHSA-2rhx-qhxp-5jpw
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.