Описание
Submariner Operator sets unnecessary RBAC permissions
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-5042
- https://github.com/submariner-io/submariner-operator/issues/3041
- https://github.com/submariner-io/submariner-operator/pull/3040
- https://github.com/submariner-io/submariner-operator/pull/3045
- https://github.com/submariner-io/submariner-operator/pull/3046
- https://github.com/submariner-io/submariner-operator/pull/3049
- https://github.com/submariner-io/submariner-operator/commit/b27a04c4270e53cbff6ff8ac6245db10c204bcab
- https://access.redhat.com/errata/RHSA-2024:4591
- https://access.redhat.com/security/cve/CVE-2024-5042
- https://bugzilla.redhat.com/show_bug.cgi?id=2280921
Пакеты
github.com/submariner-io/submariner-operator
>= 0.16.0-m0, < 0.16.4
0.16.4
github.com/submariner-io/submariner-operator
>= 0.17.0-m0, < 0.17.2
0.17.2
github.com/submariner-io/submariner-operator
< 0.15.4
0.15.4
github.com/submariner-io/submariner-operator
>= 0.18.0-m0, < 0.18.0-rc0
0.18.0-rc0
Связанные уязвимости
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Уязвимость программного обеспечения взаимодействия модулей и служб в кластерах Kubernetes Submariner Operator, связанная с ошибками при управлении привилегиями, позволяющая нарушителю запустить на узле произвольный контейнер