{"containers": {"cna": {"affected": [{"product": "ovn-kubernetes", "vendor": "n/a", "versions": [{"status": "affected", "version": "OCP v 4.10.8"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-20T15:30:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053326"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0567", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ovn-kubernetes", "version": {"version_data": [{"version_value": "OCP v 4.10.8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2053326", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053326"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:46.135Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053326"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0567", "datePublished": "2022-04-20T15:30:35", "dateReserved": "2022-02-11T00:00:00", "dateUpdated": "2024-08-02T23:32:46.135Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovn:ovn-kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D36DD01-6D6D-41D4-B4A4-4B0475E6644B", "versionEndExcluding": "4.7.47", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:ovn-kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "91E9B8A8-CD37-473C-B833-E1099334A250", "versionEndExcluding": "4.8.36", "versionStartIncluding": "4.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:ovn-kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "7582C75F-FF75-4ACF-97A1-02C80BCCC3A9", "versionEndExcluding": "4.9.27", "versionStartIncluding": "4.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:ovn-kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "47523418-1DC1-4A1D-8C8C-4272079B8020", "versionEndExcluding": "4.10.8", "versionStartIncluding": "4.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable."}, {"lang": "es", "value": "Se ha encontrado un fallo en ovn-kubernetes. Este fallo permite a un administrador del sistema o a un atacante con privilegios crear una pol\u00edtica de red de salida que omita las pol\u00edticas de entrada existentes de otros pods en un cl\u00faster, permitiendo que el tr\u00e1fico de red acceda a pods que no deber\u00edan ser accesibles. Este problema resulta en una divulgaci\u00f3n de informaci\u00f3n y a otros ataques a otros pods que no deber\u00edan ser accesibles"}], "id": "CVE-2022-0567", "lastModified": "2022-05-04T16:37:17.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-20T16:15:08.310", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053326"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Logius Standaard Platform for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1162", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "package": "openshift4/ose-ovn-kubernetes:v4.10.0-202203311829.p0.gc580607.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-04-08T00:00:00Z"}, {"advisory": "RHSA-2022:1166", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "package": "openshift4/ose-ovn-kubernetes:v4.7.0-202203311831.p0.g385bc8f.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1154", "cpe": "cpe:/a:redhat:openshift:4.8::el8", "package": "openshift4/ose-ovn-kubernetes:v4.8.0-202203311830.p0.gaa2c3f4.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.8", "release_date": "2022-04-11T00:00:00Z"}, {"advisory": "RHSA-2022:1158", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "package": "openshift4/ose-ovn-kubernetes:v4.9.0-202203311521.p0.ga6eec84.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2022-04-08T00:00:00Z"}], "bugzilla": {"description": "ovn-kubernetes: Ingress network policy can be overruled by egress network policy on another pod", "id": "2053326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053326"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-179", "details": ["A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.", "A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable."], "name": "CVE-2022-0567", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openshift3/ose-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "openvswitch-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.11"}], "public_date": "2022-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0567\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0567"], "threat_severity": "Important", "upstream_fix": "OCP v 4.10.8 OCP v 4.9.27 OCP v 4.7.47 OCP v 4.8.36"}