A high severity vulnerability (CVE-2022-0811) was reported in CRI-O, an open-source container runtime engine of Kubernetes.
Successful exploitation of the vulnerability allows an attacker to perform a variety of actions against other containers, including execution of malware, exfiltration of data, and lateral movement across pods.
The vulnerability affects CRI-O versions:
- 1.19.0 to 1.19.5
- 1.20.0 to 1.20.6
- 1.21.0 to 1.21.5
- 1.22.0 to 1.22.2
- 1.23.0 to 1.23.1
Administrators and users of affected versions are advised to install the latest security updates immediately.
More information is available here: