CVE-2024-5042
MEDIUM
submariner-operator 0.16.0-m0-0.16.4 - Execution with Unnecessary Privileges
Title source: llm
Description
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
References (5)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6503
https://access.redhat.com/errata/RHSA-2026:6503
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-5042
Various Sources
https://github.com/advisories/GHSA-2rhx-qhxp-5jpw
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:4591
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2280921
Scores
CVSS v3
6.6
EPSS
0.0050
EPSS Percentile
38.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (45)
Red Hat/Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat/Red Hat Openshift Data Foundation 4.2
1774540668
Red Hat/Red Hat Openshift Data Foundation 4.2
1774540992
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541259
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541345
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541420
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541448
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541469
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541518
Red Hat/Red Hat Openshift Data Foundation 4.2
1774541614
... and 35 more
Published
May 17, 2024
Tracked Since
Feb 18, 2026