VDB

CVE-2024-5042

CVE-2024-5042 PUBLISHED CVSS 6.599999904632568 MEDIUM

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

EPSS 0.08% · 24.1th percentile

Risk Scores

CVSS 3.1
6.599999904632568
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
EPSS Score
0.08%
24.1th percentile

Affected Products

VendorProductVersions
0.16.0, 0.17.0, 0.18.0-m0
github.comsubmariner-io/submariner-operator0.16.0-m0, 0.17.0-m0, 0.18.0-m0
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRHODF-4.16-RHEL-9v4.16.0-19
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRed Hat Advanced Cluster Management for Kubernetes 2

Exploit Intelligence

Timeline

  • May 17, 2024 CVE Published
  • May 18, 2024 EPSS Score
  • Jun 12, 2024 EPSS Score
  • Jul 6, 2024 EPSS Score
  • Jul 29, 2024 EPSS Score
  • Aug 22, 2024 EPSS Score
  • Sep 15, 2024 EPSS Score
  • Oct 5, 2024 Coalition ESS Score
  • Oct 9, 2024 EPSS Score
  • Nov 2, 2024 EPSS Score
  • Nov 25, 2024 EPSS Score
  • Dec 20, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›