VDB
RHSA-2022%3A0492
RHSA-2022%3A0492
PUBLISHED
CVSS 7.199999809265137 HIGH
An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-deployer@sha256:2886db7e88a88b101d950df459f24a54cef30bb0af09ef1ecea6f3b990f0f07a_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-deployer@sha256:2886db7e88a88b101d950df459f24a54cef30bb0af09ef1ecea6f3b990f0f07a_amd64 |
| Red Hat | openshift4/ose-multus-cni@sha256:49690c6b76983578846ec462f0dbc153960dda07feb0bb0f20a9cfc6277d7bed_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-multus-cni@sha256:49690c6b76983578846ec462f0dbc153960dda07feb0bb0f20a9cfc6277d7bed_s390x |
| Red Hat | openshift4/ose-csi-external-resizer-rhel8@sha256:913ba6f031b22fe6043f5b01d6f5294d1c8ec2219589400a893a3aa5b15a4da4_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-csi-external-resizer-rhel8@sha256:913ba6f031b22fe6043f5b01d6f5294d1c8ec2219589400a893a3aa5b15a4da4_s390x |
| Red Hat | openshift4/ose-network-metrics-daemon-rhel8@sha256:7d35ea6b6bb1f160bdd33496cd662f53c2d2f1157d2b9d86cb73fec1bcba7ef8_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-network-metrics-daemon-rhel8@sha256:7d35ea6b6bb1f160bdd33496cd662f53c2d2f1157d2b9d86cb73fec1bcba7ef8_amd64 |
| Red Hat | openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:623a0044cc68bec1f6c6a74475d17d43d4e4388b12b300afe6c9ff278385fece_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:623a0044cc68bec1f6c6a74475d17d43d4e4388b12b300afe6c9ff278385fece_amd64 |
| Red Hat | openshift4/ose-cli-artifacts@sha256:dec16cca9e5b5cd8101eb7266c2482b86c5040a4f54f4a96382d9dfa65b9de94_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cli-artifacts@sha256:dec16cca9e5b5cd8101eb7266c2482b86c5040a4f54f4a96382d9dfa65b9de94_amd64 |
| Red Hat | openshift4/ose-telemeter@sha256:e9118dddc6acb098ef4cf7eb06f6d22560524e211e48ec6eb159ca2e5022b0e9_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-telemeter@sha256:e9118dddc6acb098ef4cf7eb06f6d22560524e211e48ec6eb159ca2e5022b0e9_amd64 |
| Red Hat | openshift4/ose-oauth-server-rhel8@sha256:131822c998e8e124ef5e7d495e6367fab23e8ab4e823bc664bddb379f6684fbe_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:2a9fc270953e47271d7a2680f887b18e68f5bf54ce2b57fa2c937b4af3218253_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-jenkins-agent-nodejs-12-rhel8@sha256:2a9fc270953e47271d7a2680f887b18e68f5bf54ce2b57fa2c937b4af3218253_s390x |
| Red Hat | openshift4/ose-csi-node-driver-registrar-rhel8@sha256:2c7bb13d648a5048584530fddc62deb4b2e47bb7d389b77992e1077b920867e8_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-csi-node-driver-registrar-rhel8@sha256:2c7bb13d648a5048584530fddc62deb4b2e47bb7d389b77992e1077b920867e8_amd64 |
| Red Hat | openshift4/ose-prometheus-config-reloader@sha256:532b03acdb40aeaab35bd5160d519bb37fd30280218aea3dc2f0fe08f995c84a_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-prometheus-config-reloader@sha256:532b03acdb40aeaab35bd5160d519bb37fd30280218aea3dc2f0fe08f995c84a_amd64 |
| Red Hat | openshift4/ose-cli@sha256:59e88704d66781a6ba3412c21168329c3780ff07a059c4d9cd043c9a6ad4a245_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cli@sha256:59e88704d66781a6ba3412c21168329c3780ff07a059c4d9cd043c9a6ad4a245_amd64 |
| Red Hat | openshift4/ose-must-gather@sha256:be2f41c4fb412078f0cda1113e16d5d3a96bfdf6fe95ed09aecccf0dd5e80c53_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-must-gather@sha256:be2f41c4fb412078f0cda1113e16d5d3a96bfdf6fe95ed09aecccf0dd5e80c53_s390x |
| Red Hat | openshift4/ose-gcp-machine-controllers-rhel8@sha256:81bdf7f53a0e00a1d91c68c8ba2c563eeb4e792588d9ffcb9b5c94fa48e61b43_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-gcp-machine-controllers-rhel8@sha256:81bdf7f53a0e00a1d91c68c8ba2c563eeb4e792588d9ffcb9b5c94fa48e61b43_ppc64le |
| Red Hat | openshift4/ose-cli-artifacts@sha256:dec16cca9e5b5cd8101eb7266c2482b86c5040a4f54f4a96382d9dfa65b9de94_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-cli-artifacts@sha256:dec16cca9e5b5cd8101eb7266c2482b86c5040a4f54f4a96382d9dfa65b9de94_amd64 |
| Red Hat | openshift4/ose-machine-api-operator@sha256:15df6ddfb17c7d887db41486d0e6da6f629a1ec150f54c7f293cfd76e945dac8_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-machine-api-operator@sha256:15df6ddfb17c7d887db41486d0e6da6f629a1ec150f54c7f293cfd76e945dac8_ppc64le |
| Red Hat | openshift4/ose-openshift-state-metrics-rhel8@sha256:47a0561fddb85edff5c6bcfc8e6c0d36581fb6591e0af35a7da4963751fe7d64_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-openshift-state-metrics-rhel8@sha256:47a0561fddb85edff5c6bcfc8e6c0d36581fb6591e0af35a7da4963751fe7d64_s390x |
| Red Hat | openshift4/ose-multus-networkpolicy-rhel8@sha256:f5dddf2b86bc050e5d2b414f2f5650cdb1ed102fa34fb3eda2f77da2c7490da8_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-multus-networkpolicy-rhel8@sha256:f5dddf2b86bc050e5d2b414f2f5650cdb1ed102fa34fb3eda2f77da2c7490da8_s390x |
| Red Hat | openshift4/ose-tools-rhel8@sha256:bc7be887442867f9118a25f9da8d4fef97a227aba5415e5da766384c5146e715_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-tools-rhel8@sha256:bc7be887442867f9118a25f9da8d4fef97a227aba5415e5da766384c5146e715_amd64 |
| Red Hat | openshift4/ose-cluster-autoscaler@sha256:7845d945bde410f64e95f666d3f29667652334e536f093164021601ab425f443_s390x as a component of Red Hat OpenShift Container Platform 4.7 | * |
…and 770 more
Timeline
- Feb 16, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:0492 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1919391 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2010831 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2015427 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2028967 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2034355 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2042534 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2043677 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2046237 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0492.json advisory
- https://access.redhat.com/security/cve/CVE-2021-20206 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-20206 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-20206 advisory