High Severity Vulnerability in CRI-O

Published on 18 Mar 2022

Updated on 18 Mar 2022

A high severity vulnerability (CVE-2022-0811) was reported in CRI-O, an open-source container runtime engine for Kubernetes.

Successful exploitation of the vulnerability allows an attacker to perform a variety of actions against other containers, including execution of malware, exfiltration of data, and lateral movement across pods. 

The vulnerability affects CRI-O versions:

  • 1.19.0 to 1.19.5
  • 1.20.0 to 1.20.6
  • 1.21.0 to 1.21.5
  • 1.22.0 to 1.22.2
  • 1.23.0 to 1.23.1

Administrators and users of affected versions are advised to install the latest security updates immediately.
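To find which nodes need the update, the affected ranges listed above can be checked against each node's reported runtime version. The following is an added example, not part of the original advisory: it assumes the runtime strings are in the form Kubernetes reports in each node's containerRuntimeVersion field (for example "cri-o://1.22.1"), and the node names and sample values are constructed.

```python
import re

# Affected ranges exactly as listed in the advisory:
# (major, minor) release line -> (first, last) affected patch version.
AFFECTED = {
    (1, 19): (0, 5),
    (1, 20): (0, 6),
    (1, 21): (0, 5),
    (1, 22): (0, 2),
    (1, 23): (0, 1),
}

# Assumed input format: "cri-o://<major>.<minor>.<patch>[suffix]".
_RUNTIME_RE = re.compile(r"^cri-o://(\d+)\.(\d+)\.(\d+)")

def parse_crio_version(runtime):
    """Return (major, minor, patch) for a CRI-O runtime string, else None."""
    m = _RUNTIME_RE.match(runtime.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    """True if the version falls inside one of the advisory's ranges."""
    major, minor, patch = version
    rng = AFFECTED.get((major, minor))
    return rng is not None and rng[0] <= patch <= rng[1]

def triage_nodes(nodes):
    """Sort (node_name, runtime_string) pairs into three buckets."""
    report = {"affected": [], "not_listed": [], "other_runtime": []}
    for name, runtime in nodes:
        version = parse_crio_version(runtime)
        if version is None:
            report["other_runtime"].append(name)   # not CRI-O, or unparseable
        elif is_affected(version):
            report["affected"].append(name)
        else:
            report["not_listed"].append(name)      # CRI-O, outside listed ranges
    return report

# Constructed sample inventory (hypothetical node names and versions).
SAMPLE_NODES = [
    ("worker-a", "cri-o://1.22.2"),
    ("worker-b", "cri-o://1.22.3"),
    ("worker-c", "containerd://1.6.1"),
    ("worker-d", "cri-o://1.19.5"),
    ("worker-e", "cri-o://1.18.4"),
]

if __name__ == "__main__":
    for bucket, names in triage_nodes(SAMPLE_NODES).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The "not_listed" bucket only means the version is outside the ranges this advisory names; it is not a statement that the version is free of other issues.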

More information is available here: