CVE-2022-0567 A flaw was found in ovn-kubernetes

CVE-2022-0567 A flaw was found in ovn-kubernetes

This issue affects the following products and versions: OVN — version 2.6. The latest version at the time of writing is 3.7.0 — version 2.6. The latest version at the time of writing is 3.7.0 — Kubernetes version 1.9.7 — Kubernetes version 1.9.7 — Kubernetes version 1.10.0 — Kubernetes version 1.10.0 — Kubernetes version 1.11.0 — Kubernetes version 1.11.0 — Kubernetes version 1.12.0 — Kubernetes version 1.12.0 — Kubernetes version 1.13.0 — Kubernetes version 1.13.0 — Kubernetes version 1.14.0 — Kubernetes version 1.14.0 — Kubernetes version 1.15.0 — Kubernetes version 1.15.0 — Kubernetes version 1.16.0 — Kubernetes version 1.16.0 — Kubernetes version 1.17.0 — Kubernetes version 1.17.0 — Kubernetes version 1.18.0 — Kubernetes version 1.18.0 — Kubernetes version 1.19.0 — Kubernetes version 1.19.0 — Kubernetes version

How to Fix OVN (Open vSwitch Network)

If you are experiencing problems with OVN, it is possible the following are contributing factors:

- Open vSwitch on Linux or FreeBSD has been updated to version 2.6.

- The system time is incorrect.
- Networking has not been configured correctly.

Summary

Customers of the Kubernetes project may be affected by a security vulnerability in their software that could lead to authentication bypass. This issue was discovered and reported to Oracle on December 29th, 2018.

What is the issue?

Some users have experienced a privilege escalation vulnerability in version 2.6 of OVN that allows an authenticated user to gain root access on the system.

References: CVE-2022-0567

3.3 .1

Authentication issue
This issue affects the following products and versions: OVN — version 2.6. The latest version at the time of writing is 3.7.0 — version 2.6. The latest version at the time of writing is 3.7.0 — Kubernetes version 1.9.7 — Kubernetes version 1.9.7 — Kubernetes version 1.10.0 — Kubernetes version 1.10.0 — Kubernetes version 1.11.0 — Kubernetes version 1.11.0 — Kubernetes version 1.12.0 — Kubernetes version 1 .12 0— Kubernetes Version 1 .13 . 0—Kubernetes Version 1 .14 . 0—Kuberntese Version 1 .15 . 0—Kuberntese Version 1 .16 . 0—Kuberntese Version 1 .17 . 0—Kuberntese Version 1

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe