VDB
RHSA-2022%3A1660
RHSA-2022%3A1660
PUBLISHED
CVSS 7.199999809265137 HIGH
An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 |
| Red Hat | openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64 |
| Red Hat | openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 |
| Red Hat | openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | * |
Timeline
- May 2, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:1660 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1919391 issue
- https://issues.redhat.com/browse/WINC-756 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1660.json advisory
- https://access.redhat.com/security/cve/CVE-2021-20206 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-20206 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-20206 advisory