CVE-2024-5042
May 17, 2024
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Affected Packages
github.com/submariner-io/submariner-operator (GO):
Affected version(s) >=v0.18.0-m0 <v0.18.0-rc0Fix Suggestion:
Update to version v0.18.0-rc0github.com/submariner-io/submariner-operator (GO):
Affected version(s) >=v0.16.0-m0 <v0.16.4Fix Suggestion:
Update to version v0.16.4github.com/submariner-io/submariner-operator (GO):
Affected version(s) >=v0.17.0-m0 <v0.17.2Fix Suggestion:
Update to version v0.17.2Related ResourcesĀ (12)
Do you need more information?
Contact UsCVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
HIGH
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Execution with Unnecessary Privileges
EPSS
Base Score:
0.06
