CVE-2022-0811

EPSS 18.6%CWE-94

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 18.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 mar 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Produtos afetados

n/a · CRI-O

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugzilla.redhat.com/show_bug.cgi?id=2059475 https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7