CVE-2024-5042 Submariner-operator: rbac permissions can allow for the spread of node compromises

2024-05-1713:12:00

CWE-250

redhat

github.com

submariner project

rbac permissions

node compromises

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhacm2-tech-preview/lighthouse-agent-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:acm:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhacm2-tech-preview/lighthouse-coredns-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:acm:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhacm2-tech-preview/submariner-gateway-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:acm:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhacm2-tech-preview/submariner-globalnet-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:acm:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhacm2-tech-preview/submariner-rhel8-operator",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:acm:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhacm2-tech-preview/submariner-route-agent-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:acm:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Openshift Data Foundation 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "odf4/odf-multicluster-rhel8-operator",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift_data_foundation:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Openshift Data Foundation 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "odf/odf-multicluster-rhel8-operator",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift_data_foundation:4"
    ]
  }
]