CVE-2022-0567

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
ovnovn-kubernetes
𝑥
< 4.7.47
ovnovn-kubernetes
4.8.0 ≤
𝑥
< 4.8.36
ovnovn-kubernetes
4.9.0 ≤
𝑥
< 4.9.27
ovnovn-kubernetes
4.10.0 ≤
𝑥
< 4.10.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2053326
https://bugzilla.redhat.com/show_bug.cgi?id=2053326