{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-5042","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2024-05-17T03:54:30.320Z","datePublished":"2024-05-17T13:12:00.551Z","dateUpdated":"2026-06-02T17:51:48.640Z"},"containers":{"cna":{"title":"Submariner-operator: rbac permissions can allow for the spread of node compromises","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"0.14.9","versionType":"semver"},{"status":"affected","version":"0.15.0","lessThan":"0.15.5","versionType":"semver"},{"status":"affected","version":"0.16.0","lessThan":"0.16.7","versionType":"semver"},{"status":"affected","version":"0.17.0","lessThan":"0.17.2","versionType":"custom"},{"status":"affected","version":"0.18.0-m0","lessThan":"0.18.0-rc0","versionType":"custom"}],"packageName":"submariner-operator","collectionURL":"https://github.com/submariner-io/submariner-operator","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"RHODF-4.16-RHEL-9","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","defaultStatus":"affected","versions":[{"version":"v4.16.0-19","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.16::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9","defaultStatus":"affected","versions":[{"version":"1774540992","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/cephcsi-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774540668","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-core-rhel9","defaultStatus":"affected","versions":[{"version":"1774541259","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/mcg-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541345","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-console-rhel9","defaultStatus":"affected","versions":[{"version":"1774541880","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-client-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541518","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-metrics-exporter-rhel9","defaultStatus":"affected","versions":[{"version":"1774541420","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/ocs-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541448","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cli-rhel9","defaultStatus":"affected","versions":[{"version":"1774541663","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cloudnative-pg-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541469","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-console-rhel9","defaultStatus":"affected","versions":[{"version":"1774542075","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-cosi-sidecar-rhel9","defaultStatus":"affected","versions":[{"version":"1774541617","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541614","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-csi-addons-sidecar-rhel9","defaultStatus":"affected","versions":[{"version":"1774541633","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541625","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-external-snapshotter-sidecar-rhel9","defaultStatus":"affected","versions":[{"version":"1774541625","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-console-rhel9","defaultStatus":"affected","versions":[{"version":"1774542179","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-multicluster-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541779","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-must-gather-rhel9","defaultStatus":"affected","versions":[{"version":"1774541857","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odf-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541919","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/odr-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774541919","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Openshift Data Foundation 4.2","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"odf4/rook-ceph-rhel9-operator","defaultStatus":"affected","versions":[{"version":"1774542101","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:openshift_data_foundation:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/lighthouse-agent-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/lighthouse-coredns-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/submariner-gateway-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/submariner-globalnet-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/submariner-rhel8-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/submariner-route-agent-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:4591","name":"RHSA-2024:4591","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2026:6503","name":"RHSA-2026:6503","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-5042","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2280921","name":"RHBZ#2280921","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/advisories/GHSA-2rhx-qhxp-5jpw"}],"datePublic":"2024-05-16T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-250","description":"Execution with Unnecessary Privileges","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-250: Execution with Unnecessary Privileges","timeline":[{"lang":"en","time":"2024-05-15T00:00:00.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2024-05-16T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-06-02T17:51:48.640Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-5042","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-20T14:43:37.969142Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T18:01:39.816Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:03:10.599Z"},"title":"CVE Program Container","references":[{"url":"https://access.redhat.com/errata/RHSA-2024:4591","name":"RHSA-2024:4591","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2024-5042","tags":["vdb-entry","x_refsource_REDHAT","x_transferred"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2280921","name":"RHBZ#2280921","tags":["issue-tracking","x_refsource_REDHAT","x_transferred"]},{"url":"https://github.com/advisories/GHSA-2rhx-qhxp-5jpw","tags":["x_transferred"]}]}]}}