VDB

RHSA-2022%3A1660

RHSA-2022%3A1660 PUBLISHED CVSS 7.199999809265137 HIGH

An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the `type` field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as `reboot`. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Scores

CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64
Red Hatopenshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64
Red Hatopenshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4-wincw/windows-machine-config-operator-bundle@sha256:8ce026aac0b582bac558b7258e539bad8205f5494b751c9b8fd5b5331c2da848_amd64
Red Hatopenshift4-wincw/windows-machine-config-rhel8-operator@sha256:999eb8315012e9248c59b15b2d9af4990593f96f786d43e80e351775a6600b92_amd64 as a component of Red Hat OpenShift Container Platform 4.7*

Timeline

  • May 2, 2022 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›