Lucene search

K
githubGitHub Advisory DatabaseGHSA-2RHX-QHXP-5JPW
HistoryMay 17, 2024 - 3:31 p.m.

Submariner Operator sets unnecessary RBAC permissions in helm charts

2024-05-1715:31:10
CWE-250
GitHub Advisory Database
github.com
4
submariner
rbac
flaw
permissions
attacker
container
compromise
cluster

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

Affected configurations

Vulners
Node
github_advisory_databasegithub.com\/submariner-io\/submariner-operatorRange0.18.0-m3
OR
github_advisory_databasegithub.com\/submariner-io\/submariner-operatorRange<0.16.4

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%