Related Vulnerabilities: CVE-2022-0567  

Description

A flaw was found in ovn-kubernetes. It allows a system administrator or privileged attacker to create an egress network policy that bypasses the existing ingress policies of other pods in a cluster, so network traffic can reach pods that should not be reachable. This issue results in information disclosure and other attacks on those pods.

Additional Information

  • Bugzilla 2053326: CVE-2022-0567 ovn-kubernetes: Ingress network policy can be overruled by egress network policy on another pod
  • CWE-20: Improper Input Validation
  • FAQ: Frequently asked questions about CVE-2022-0567