A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 30 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T17:41:17.925Z

Reserved: 2024-05-17T03:54:30.320Z

Link: CVE-2024-5042

cve-icon Vulnrichment

Updated: 2024-08-01T21:03:10.599Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-17T14:15:21.123

Modified: 2024-11-21T09:46:50.500

Link: CVE-2024-5042

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-16T00:00:00Z

Links: CVE-2024-5042 - Bugzilla

cve-icon OpenCVE Enrichment

No data.