Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High Severity Vulnerability in CRI-O
Alerts

High Severity Vulnerability in CRI-O

18 March 2022

A high severity vulnerability (CVE-2022-0811) was reported in CRI-O, an open-source container runtime engine of Kubernetes.

Successful exploitation of the vulnerability allows an attacker to perform a variety of actions against other containers, including execution of malware, exfiltration of data, and lateral movement across pods. 

The vulnerability affects CRI-O versions:

  • 1.19.0 to 1.19.5

  • 1.20.0 to 1.20.6

  • 1.21.0 to 1.21.5

  • 1.22.0 to 1.22.2

  • 1.23.0 to 1.23.1

Administrators and users of affected versions are advised to install the latest security updates immediately.

More information is available here:

https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/

https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html

https://www.itnews.com.au/news/cri-o-container-engine-bug-allows-kubernetes-container-escape-577486

https://www.cybersecurity-help.cz/vdb/SB2022031714

Back to top