Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-0567

Опубликовано: 23 мар. 2022
Источник: redhat
CVSS3: 8.2

Описание

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11openshift3/ose-ovn-kubernetesNot affected
Red Hat OpenShift Container Platform 3.11openvswitch-ovn-kubernetesNot affected
Red Hat OpenShift Container Platform 4.10openshift4/ose-ovn-kubernetesFixedRHSA-2022:116208.04.2022
Red Hat OpenShift Container Platform 4.7openshift4/ose-ovn-kubernetesFixedRHSA-2022:116611.04.2022
Red Hat OpenShift Container Platform 4.8openshift4/ose-ovn-kubernetesFixedRHSA-2022:115411.04.2022
Red Hat OpenShift Container Platform 4.9openshift4/ose-ovn-kubernetesFixedRHSA-2022:115808.04.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-179
https://bugzilla.redhat.com/show_bug.cgi?id=2053326ovn-kubernetes: Ingress network policy can be overruled by egress network policy on another pod

8.2 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-0567

CVSS3: 9.1
nvd
почти 4 года назад

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.

github логотип

GHSA-cxqq-cw7f-wv88

CVSS3: 9.1
github
почти 4 года назад

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.

fstec логотип

BDU:2022-03564

CVSS3: 9.1
fstec
почти 4 года назад

Уязвимость сетевого провайдер для Kubernetes основанный на OVN (Open Virtual Network) OVN-Kubernetes, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю раскрыть защищаемую информацию или оказать другое воздействие

8.2 High

CVSS3