Bug 2280921 (CVE-2024-5042)

Summary: CVE-2024-5042 submariner-operator: RBAC permissions can allow for the spread of node compromises
Product: [Other] Security Response
Reporter: Robb Gatica <rgatica>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: amctagga, gparvin, lbainbri, njean, owatkins, pahickey, rhaigner
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: submariner-operator 0.16.4
Doc Type: ---
Doc Text:
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 2290351
Bug Blocks: 2280922

Description Robb Gatica 2024-05-17 03:54:51 UTC
The Submariner project received a security disclosure regarding unnecessary RBAC that could be used to spread K8s node compromises. If an attacker is able to run a privileged malicious container on a node, they may be able to escape the container and steal service account tokens. Since Submariner's route agent runs on every node, its SA token is available from any compromised node.

References:
https://github.com/submariner-io/submariner-operator/issues/3041
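The risk described above comes from a DaemonSet service account whose token is present on every node combined with cluster-scoped RBAC that reaches beyond that node. The following audit helper is an added example for defenders, not Submariner's code: it resolves the ClusterRole rules bound to a service account and reports the verb/resource pairs that would let a stolen token spread. The service-account name, the ClusterRoles and the bindings are constructed samples, not Submariner's real manifests.

```python
# Added example (not from the Submariner project): estimate the blast radius of a
# DaemonSet service-account token from the cluster-scoped RBAC bound to it.
# Every object below is a constructed sample shaped like `kubectl get ... -o json`.

DAEMONSET_SA = ("submariner-operator", "route-agent-sa")  # hypothetical ns/name

# Constructed ClusterRoles: one over-broad, one already trimmed to least privilege.
CLUSTER_ROLES = {
    "route-agent-wide": {"rules": [
        {"apiGroups": [""], "resources": ["pods", "nodes"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    ]},
    "route-agent-narrow": {"rules": [
        {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]},
    ]},
}

# Constructed ClusterRoleBindings: roleRef name plus the bound subjects.
CLUSTER_ROLE_BINDINGS = [
    {"roleRef": "route-agent-wide", "subjects": [
        {"kind": "ServiceAccount", "namespace": "submariner-operator",
         "name": "route-agent-sa"}]},
    {"roleRef": "route-agent-narrow", "subjects": [
        {"kind": "ServiceAccount", "namespace": "other", "name": "x"}]},
]

# Verb/resource pairs that let a token holder move beyond the node it was taken
# from: reading secrets exposes other service-account tokens; creating pods or
# exec sessions yields new footholds. Wildcards are flagged unconditionally.
SPREAD_RISK = {("secrets", "get"), ("secrets", "list"),
               ("pods", "create"), ("pods/exec", "create")}


def cluster_rules_for(sa):
    """Collect every ClusterRole rule granted to the (namespace, name) SA."""
    rules = []
    for binding in CLUSTER_ROLE_BINDINGS:
        for subject in binding["subjects"]:
            if subject["kind"] == "ServiceAccount" and \
                    (subject["namespace"], subject["name"]) == sa:
                rules.extend(CLUSTER_ROLES[binding["roleRef"]]["rules"])
    return rules


def spread_risks(sa):
    """Return the sorted (resource, verb) pairs that exceed a per-node footprint."""
    found = set()
    for rule in cluster_rules_for(sa):
        for resource in rule["resources"]:
            for verb in rule["verbs"]:
                if "*" in (resource, verb) or (resource, verb) in SPREAD_RISK:
                    found.add((resource, verb))
    return sorted(found)
```

Run against the constructed data, the helper reports the secrets and pods/exec grants for the DaemonSet account, which is exactly the set an operator would remove when trimming a DaemonSet's ClusterRole to what the per-node agent actually needs.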

Comment 7 errata-xmlrpc 2024-07-17 13:23:07 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2024:4591 https://access.redhat.com/errata/RHSA-2024:4591