CVE-2024-5042 MEDIUM

CVE-2024-5042: Submariner-operator: rbac permissions can allow for the spread of node compromises

Vendor Red Hat
Product Red Hat Advanced Cluster Management for Kubernetes 2
Weakness CWE-250
Published May 17, 2024
Last update June 2, 2026

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

What the vulnerability does

01 Description

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node, which may allow them to steal service account tokens, compromise other nodes, and potentially compromise the entire cluster.

Key dates

02 Disclosure timeline

May 17, 2024 CVE published
June 2, 2026 Record updated