A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0866 advisory.

  - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe     sysctls to be applied to the host (CVE-2022-0532)

  - CRI-O: Arbitrary code execution in cri-o via abusing kernel.core_pattern kernel parameter     (CVE-2022-0811)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0870 advisory.

  - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe     sysctls to be applied to the host (CVE-2022-0532)

  - CRI-O: Arbitrary code execution in cri-o via abusing kernel.core_pattern kernel parameter     (CVE-2022-0811)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory.

  - CRI-O: Arbitrary code execution in cri-o via abusing kernel.core_pattern kernel parameter     (CVE-2022-0811)

  - workflow-cps: OS command execution through crafted SCM contents (CVE-2022-25173)

  - workflow-cps-global-lib: OS command execution through crafted SCM contents (CVE-2022-25174)

  - workflow-multibranch: OS command execution through crafted SCM contents (CVE-2022-25175)

  - workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25176)

  - workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names     (CVE-2022-25177, CVE-2022-25178)

  - workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names     (CVE-2022-25179)

  - workflow-cps: Password parameters are included from the original build in replayed builds (CVE-2022-25180)

  - workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181, CVE-2022-25182, CVE-2022-25183)

  - pipeline-build-step: Password parameter default values exposed (CVE-2022-25184)

  - credentials: Stored XSS vulnerabilities in jenkins plugin (CVE-2022-29036)

  - subversion: Stored XSS vulnerabilities in Jenkins subversion plugin (CVE-2022-29046)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0860 advisory.

  - CRI-O: Arbitrary code execution in cri-o via abusing kernel.core_pattern kernel parameter     (CVE-2022-0811)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of the CRI-O package installed on the remote host is 1.19.x prior to 1.19.6, 1.20.x prior to 1.20.7, 1.21.x prior to 1.21.6, 1.22.x prior to 1.22.3, or 1.23.x prior to 1.23.2. It is, therefore, affected by an arbitrary code execution vulnerability via abusing the 'kernel.core_pattern' kernel parameter.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9229 advisory.

  - A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights     to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and     arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
    (CVE-2022-0811)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9228 advisory.

  - A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights     to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and     arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
    (CVE-2022-0811)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0810 advisory.

  - CRI-O: Arbitrary code execution in cri-o via abusing kernel.core_pattern kernel parameter     (CVE-2022-0811)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
159185	RHEL 7 / 8 : OpenShift Container Platform 4.6.56 (RHSA-2022:0866)	Nessus	Red Hat Local Security Checks	high
159168	RHEL 7 / 8 : OpenShift Container Platform 4.7.45 (RHSA-2022:0870)	Nessus	Red Hat Local Security Checks	high
159165	RHEL 7 / 8 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)	Nessus	Red Hat Local Security Checks	high
159114	RHEL 7 / 8 : OpenShift Container Platform 4.9.25 (RHSA-2022:0860)	Nessus	Red Hat Local Security Checks	high
159113	CRI-O package 1.19.x < 1.19.6 / 1.20.x < 1.20.7 / 1.21.x < 1.21.6 / 1.22.x < 1.22.3 / 1.23.x < 1.23.2 Arbitrary Code Execution (CVE-2022-0811)	Nessus	Misc.	high
159016	Oracle Linux 7 / 8 : cri-o (ELSA-2022-9229)	Nessus	Oracle Linux Local Security Checks	high
159011	Oracle Linux 7 / 8 : cri-o (ELSA-2022-9228)	Nessus	Oracle Linux Local Security Checks	high
158993	RHEL 7 / 8 : OpenShift Container Platform 4.10.4 (RHSA-2022:0810)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2022-0811

high

Tenable Plugins

high

high

high

high

high

high

high

high