GHSA-2rhx-qhxp-5jpw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2rhx-qhxp-5jpw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2rhx-qhxp-5jpw/GHSA-2rhx-qhxp-5jpw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2rhx-qhxp-5jpw
- Aliases
-
- CVE-2024-5042
- GO-2024-2866
- Published
- 2024-05-17T15:31:10Z
- Modified
- 2025-01-21T21:38:08Z
- Severity
-
- 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N CVSS Calculator
- Summary
- Submariner Operator sets unnecessary RBAC permissions
- Details
-
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
- Database specific
{ "nvd_published_at": "2024-05-17T14:15:21Z", "cwe_ids": [ "CWE-250" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-17T20:03:57Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-5042
- https://github.com/submariner-io/submariner-operator/issues/3041
- https://github.com/submariner-io/submariner-operator/pull/3040
- https://github.com/submariner-io/submariner-operator/pull/3045
- https://github.com/submariner-io/submariner-operator/pull/3046
- https://github.com/submariner-io/submariner-operator/pull/3049
- https://github.com/submariner-io/submariner-operator/commit/b27a04c4270e53cbff6ff8ac6245db10c204bcab
- https://access.redhat.com/errata/RHSA-2024:4591
- https://access.redhat.com/security/cve/CVE-2024-5042
- https://bugzilla.redhat.com/show_bug.cgi?id=2280921
- https://github.com/submariner-io/submariner-operator
Affected packages
Go / github.com/submariner-io/submariner-operator
Package
- Name
- github.com/submariner-io/submariner-operator
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/submariner-io/submariner-operator
Go / github.com/submariner-io/submariner-operator
Package
- Name
- github.com/submariner-io/submariner-operator
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/submariner-io/submariner-operator
Go / github.com/submariner-io/submariner-operator
Package
- Name
- github.com/submariner-io/submariner-operator
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/submariner-io/submariner-operator
Go / github.com/submariner-io/submariner-operator
Package
- Name
- github.com/submariner-io/submariner-operator
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/submariner-io/submariner-operator