References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

https://access.redhat.com/errata/RHSA-2024:4591

https://access.redhat.com/security/cve/CVE-2024-5042

https://bugzilla.redhat.com/show_bug.cgi?id=2280921

https://github.com/advisories/GHSA-2rhx-qhxp-5jpw

Red Hat, Inc. https://access.redhat.com/errata/RHSA-2024:4591 [No types assigned]

Red Hat, Inc. https://github.com/advisories/GHSA-2rhx-qhxp-5jpw [No types assigned]

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

Red Hat, Inc. AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Red Hat, Inc. CWE-250

Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2024-5042 [No types assigned]

Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2280921 [No types assigned]