{"uuid": "d147191a-58e6-49fd-9686-82d1451768dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9049", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: CrowdStrike\u2019s Cloud Threat Research team discovered a new vulnerability (CVE-2022-0811) in CRI-O (a container runtime engine underpinning Kubernetes). Dubbed \u201ccr8escape,\u201d when invoked, an attacker could escape from a Kubernetes container and gain root access to the host and be able to move anywhere in the cluster. Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data and lateral movement across pods.\n\nInvocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods.\n\nhttps://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/\n\nhttps://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html", "creation_timestamp": "2022-03-17T08:46:54.000000Z"}