CVE-2022-0811

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Partial	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://bugzilla.redhat.com/show_bug.cgi?id=2059475
source:MISC
tags:Issue Tracking Third Party Advisory

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL	Num of Times Referred to
https://www.reddit.com/r/netsec	51
https://cvetrends.com	48
http://cyberiqs.com/latestnews	38
https://thehackernews.com/2022/03/new-vulnerability-in-cri-...	11
http://ASP.NET	4
https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2...	3
https://sysdig.com/blog/cve-2022-0811-cri-o	3
https://opsmtrs.com/3IZx4mq	3
https://blog.aquasec.com/cve-2022-0811-cri-o-vulnerability	3
https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnera...	3
https://cloudsecurityalliance.org/articles/cr8escape-new-vu...	3

Information from Twitter

User	URL	Info Source	Date
LEOLAMCGILL14	https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2...	Source LEOLAMCGILL14 1626144266643996672	2023/02/16

URL	Num of Times Referred to
www.reddit.com	51
cvetrends.com	48
cyberiqs.com	38
thehackernews.com	11
ASP.NET	4
github.com	3
sysdig.com	3
opsmtrs.com	3
blog.aquasec.com	3
www.crowdstrike.com	3
cloudsecurityalliance.org	3

User	URL	Info Source
LEOLAMCGILL14	github.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
spiarh/webhook-cve-2022-0811	https://github.com/spiarh/webhook-cve-2022-0811

Name	URL
spiarh/webhook-cve-2022-0811	github.com

2023/02/16 Score : 0
Added Har-sia Database : 2022/03/15
Last Modified : 2023/02/16
Highest Scored Date : 2022/03/17
Highest Score : 59

CVE-2022-0811

Description from NVD

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:S/C:C/I:C/A:C

NVD References

Refer to Information on External Sites

Information from Twitter

Information from Twitter