Base Score

MEDIUM6.6

CVE-2024-5042

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateMay 17, 2024, 14:15

Affected Versions(4)

github.com/submariner-io/submariner-operator(Go)

Introduced0.16.0-m0

Fixed0.16.4

LimitN/A

github.com/submariner-io/submariner-operator(Go)

Introduced0.17.0-m0

Fixed0.17.2

LimitN/A

github.com/submariner-io/submariner-operator(Go)

Introduced0

Fixed0.15.4

LimitN/A

github.com/submariner-io/submariner-operator(Go)

Introduced0.18.0-m0

Fixed0.18.0-rc0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/submariner-io/submariner-operator(Go)	0.16.0-m0	0.16.4	N/A
github.com/submariner-io/submariner-operator(Go)	0.17.0-m0	0.17.2	N/A
github.com/submariner-io/submariner-operator(Go)	0	0.15.4	N/A
github.com/submariner-io/submariner-operator(Go)	0.18.0-m0	0.18.0-rc0	N/A

Weakness Type (CWE):CWE-250

CVSS Metrics

Base Score

6.6

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

NONE

References

Base Score

MEDIUM6.6

Weakness Type (CWE):CWE-250

CVSS Metrics

Base Score

6.6

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

NONE