CVE-2024-5042

Name of the Vulnerable Software and Affected Versions: Submariner Operator (affected versions not specified)

Description: A flaw was found in the Submariner project due to unnecessary role-based access control permissions. This allows a privileged attacker to run a malicious container on a node, potentially enabling them to steal service account tokens and further compromise other nodes and the entire cluster. The issue is related to errors in managing privileges in the Submariner Operator, which can be exploited by a remote attacker to launch an arbitrary container on a node.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.