CVE-2024-5042 - Vulnerability Details - OpenCVE

Description

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

Published: 2024-05-17

Score: 6.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unaffected

Version	Status	Constraints
`0`	affected	< 0.14.9
`0.15.0`	affected	< 0.15.5
`0.16.0`	affected	< 0.16.7
`0.17.0`	affected	< 0.17.2
`0.18.0-m0`	affected	< 0.18.0-rc0

Red Hat

RHODF-4.16-RHEL-9

affected

Version	Status	Constraints
`v4.16.0-19`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726`	unaffected	< *

Red Hat

Red Hat Openshift Data Foundation 4.2

affected

Version	Status	Constraints
`sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a`	unaffected	< *

Red Hat Red Hat Advanced Cluster Management for Kubernetes 2 affected —

Red Hat Red Hat Advanced Cluster Management for Kubernetes 2 affected —

Red Hat Red Hat Advanced Cluster Management for Kubernetes 2 affected —

Red Hat Red Hat Advanced Cluster Management for Kubernetes 2 affected —

Red Hat Red Hat Advanced Cluster Management for Kubernetes 2 affected —

Red Hat Red Hat Advanced Cluster Management for Kubernetes 2 affected —

No data.

Package	CPE	Advisory	Released Date
RHODF-4.16-RHEL-9
odf4/odf-multicluster-rhel9-operator:v4.16.0-19	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2024:4591	2024-07-17T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-1367	A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Github GHSA	GHSA-2rhx-qhxp-5jpw	Submariner Operator sets unnecessary RBAC permissions

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00062.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:4591
https://access.redhat.com/errata/RHSA-2026:6503
https://access.redhat.com/security/cve/CVE-2024-5042
https://bugzilla.redhat.com/show_bug.cgi?id=2280921
https://github.com/advisories/GHSA-2rhx-qhxp-5jpw
https://nvd.nist.gov/vuln/detail/CVE-2024-5042
https://www.cve.org/CVERecord?id=CVE-2024-5042

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.20::el9
References		https://access.redhat.com/errata/RHSA-2026:6503

Wed, 30 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Redhat Acm Openshift Data Foundation

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-17T13:12:00.551Z

Updated: 2026-04-24T14:17:18.993Z

Reserved: 2024-05-17T03:54:30.320Z

Link: CVE-2024-5042

Vulnrichment

Updated: 2024-08-01T21:03:10.599Z

NVD

Status : Deferred

Published: 2024-05-17T14:15:21.123

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-5042

Redhat

Severity : Moderate

Publid Date: 2024-05-16T00:00:00Z

Links: CVE-2024-5042 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-250

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-5042", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-05-17T03:54:30.320Z", "datePublished": "2024-05-17T13:12:00.551Z", "dateUpdated": "2026-04-24T14:17:18.993Z"}, "containers": {"cna": {"title": "Submariner-operator: rbac permissions can allow for the spread of node compromises", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "0.14.9", "versionType": "semver"}, {"status": "affected", "version": "0.15.0", "lessThan": "0.15.5", "versionType": "semver"}, {"status": "affected", "version": "0.16.0", "lessThan": "0.16.7", "versionType": "semver"}, {"status": "affected", "version": "0.17.0", "lessThan": "0.17.2", "versionType": "custom"}, {"status": "affected", "version": "0.18.0-m0", "lessThan": "0.18.0-rc0", "versionType": "custom"}], "packageName": "submariner-operator", "collectionURL": "https://github.com/submariner-io/submariner-operator", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "RHODF-4.16-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-multicluster-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/cephcsi-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/cephcsi-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/mcg-core-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/mcg-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-client-console-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-client-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-metrics-exporter-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-cli-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-cloudnative-pg-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-console-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-cosi-sidecar-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-csi-addons-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-external-snapshotter-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-external-snapshotter-sidecar-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-multicluster-console-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-multicluster-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-must-gather-rhel9", "defaultStatus": "affected", "versions": [{"version": "sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odr-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/rook-ceph-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/lighthouse-agent-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/lighthouse-coredns-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/submariner-gateway-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/submariner-globalnet-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/submariner-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/submariner-route-agent-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4591", "name": "RHSA-2024:4591", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:6503", "name": "RHSA-2026:6503", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-5042", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", "name": "RHBZ#2280921", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw"}], "datePublic": "2024-05-16T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-250: Execution with Unnecessary Privileges", "timeline": [{"lang": "en", "time": "2024-05-15T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-16T00:00:00.000Z", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-24T14:17:18.993Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5042", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T14:43:37.969142Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T18:01:39.816Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:10.599Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4591", "name": "RHSA-2024:4591", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-5042", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", "name": "RHBZ#2280921", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4591", "name": "RHSA-2024:4591", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-5042", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", "name": "RHBZ#2280921", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:10.599Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5042", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T14:43:37.969142Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-20T14:43:55.603Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Submariner-operator: rbac permissions can allow for the spread of node compromises", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "0.14.9", "versionType": "semver"}, {"status": "affected", "version": "0.15.0", "lessThan": "0.15.5", "versionType": "semver"}, {"status": "affected", "version": "0.16.0", "lessThan": "0.16.7", "versionType": "semver"}, {"status": "affected", "version": "0.17.0", "lessThan": "0.17.2", "versionType": "custom"}, {"status": "affected", "version": "0.18.0-m0", "lessThan": "0.18.0-rc0", "versionType": "custom"}], "packageName": "submariner-operator", "collectionURL": "https://github.com/submariner-io/submariner-operator", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.16::el9"], "vendor": "Red Hat", "product": "RHODF-4.16-RHEL-9", "versions": [{"status": "unaffected", "version": "v4.16.0-19", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-multicluster-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/cephcsi-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/cephcsi-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/mcg-core-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/mcg-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/ocs-client-console-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/ocs-client-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/ocs-metrics-exporter-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/ocs-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-cli-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-cloudnative-pg-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-console-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-cosi-sidecar-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-csi-addons-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-external-snapshotter-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-external-snapshotter-sidecar-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-multicluster-console-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-multicluster-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-must-gather-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odf-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/odr-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4.20::el9"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4.2", "versions": [{"status": "unaffected", "version": "sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a", "lessThan": "*", "versionType": "rpm"}], "packageName": "odf4/rook-ceph-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/lighthouse-agent-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/lighthouse-coredns-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/submariner-gateway-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/submariner-globalnet-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/submariner-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/submariner-route-agent-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-05-15T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-16T00:00:00.000Z", "value": "Made public."}], "datePublic": "2024-05-16T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4591", "name": "RHSA-2024:4591", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:6503", "name": "RHSA-2026:6503", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-5042", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921", "name": "RHBZ#2280921", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-24T14:17:18.993Z"}, "x_redhatCweChain": "CWE-250: Execution with Unnecessary Privileges"}}, "cveMetadata": {"cveId": "CVE-2024-5042", "state": "PUBLISHED", "dateUpdated": "2026-04-24T14:17:18.993Z", "dateReserved": "2024-05-17T03:54:30.320Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-05-17T13:12:00.551Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el proyecto Submariner. Debido a permisos innecesarios de control de acceso basados en roles, un atacante privilegiado puede ejecutar un contenedor malicioso en un nodo que puede permitirle robar tokens de cuentas de servicio y comprometer a\u00fan m\u00e1s otros nodos y potencialmente todo el cl\u00faster."}], "id": "CVE-2024-5042", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-05-17T14:15:21.123", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4591"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:6503"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-5042"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921"}, {"source": "secalert@redhat.com", "url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-5042"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4591", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-multicluster-rhel9-operator:v4.16.0-19", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2024-07-17T00:00:00Z"}], "bugzilla": {"description": "submariner-operator: RBAC permissions can allow for the spread of node compromises", "id": "2280921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", "status": "verified"}, "cwe": "CWE-250", "details": ["A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.", "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster."], "name": "CVE-2024-5042", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/lighthouse-agent-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/lighthouse-coredns-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-gateway-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-globalnet-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/submariner-route-agent-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}], "public_date": "2024-05-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5042\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5042\nhttps://github.com/advisories/GHSA-2rhx-qhxp-5jpw"], "statement": "For the submariner operator in Red Hat Advanced Cluster Management for Kubernetes, the submariner-security outlined potential vulnerabilities regarding RBAC permissions being too broad. Those permissions make it possible to create, patch or update statefulsets or replicasets resources. This may allow new privileged containers escaping them and gaining root privileges on any worker nodes where those containers have been deployed within the cluster.", "threat_severity": "Moderate"}