Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-0811

Published: 16/03/2022 Updated: 28/03/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Kubernetes

Vulnerability Summary

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kubernetes cri-o

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.6.56 packages and security update
Synopsis Important: OpenShift Container Platform 4656 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4656 is now available withupdates to pack ...
Red Hat: Important: OpenShift Container Platform 4.7.45 packages and security update
Synopsis Important: OpenShift Container Platform 4745 packages and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4745 is now available with updates to pa ...
Red Hat: Important: OpenShift Container Platform 4.8.35 security update
Synopsis Important: OpenShift Container Platform 4835 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4835 is now available withupdates to packages and imag ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13OpenShift GitOps v136 for OCP 47+Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: OpenShift Container Platform 4.10.4 security update
Synopsis Important: OpenShift Container Platform 4104 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4104 is now available withupdates to packages and imag ...
Red Hat: Important: OpenShift Container Platform 4.9.25 security update
Synopsis Important: OpenShift Container Platform 4925 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4925 is now available withupdates to packages and imag ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 243 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 243 General Availability release images This update provides security fixes, bug fixes, and updates the container imagesRed Hat Product Security has ...
Red Hat:
A flaw was found in CRI-O in the way it set kernel options for a pod This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed ...

Github Repositories

https://github.com/rewanthtammana/container-and-kubernetes-security-workshop

container-and-kubernetes-security-workshop-notes About me rewanthtammanacom/ Notes Sample attacks & hacks across the globe Kubernetes hacks doesn't have to be just a misconfiguration in kubernetes Any vulnerability in the applications running on top of Kubernetes lead to entire system compromise A few hacks: wwwbleepingcomputercom/news/securit

https://github.com/spiarh/webhook-cve-2022-0811

Simple webhook to block exploitation of CVE-2022-0811

webhook-cve-2022-0811 This is a really simple webhook that just blocks pod creation if malicious sysctl values are configured Build go test CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build Build image an deploy in Minikube Start minikube: minikube start minikube addons enable registry Bu

https://github.com/turbra/ocp-cr8escape

OpenShift Container Platform (OCP) starting from version 4.6 is affected by this vulnerability, older versions of OCP are not affected.

Proof of Concept: Leveraging CVE-2022-0811 to Compromise Kubernetes Many thanks to CrowdStrike cloud security researchers This quick quide was created with their findings and tailored for OpenShift specifically Description A flaw was found in CRI-O in the way it set kernel options for a pod This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that us

References

CWE-94https://bugzilla.redhat.com/show_bug.cgi?id=2059475https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:0866https://github.com/spiarh/webhook-cve-2022-0811
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook