A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

Affected Packages

Go github.com/submariner-io/submariner-operator

Affected versions: 0.16.0-m0 (fixed in 0.16.4)

Go github.com/submariner-io/submariner-operator

Affected versions: 0.17.0-m0 (fixed in 0.17.2)

Go github.com/submariner-io/submariner-operator

Affected versions: 0 (fixed in 0.15.4)

Go github.com/submariner-io/submariner-operator

Affected versions: 0.18.0-m0 (fixed in 0.18.0-rc0)

Related CVEs

CVE-2024-5042

Key Information

GHSA ID

GHSA-2rhx-qhxp-5jpw

Published

May 17, 2024 3:31 PM

Last Modified

January 21, 2025 9:38 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/submariner-io/submariner-operator

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.