CVE-2022-0567 – CVE-2022-0567 ovn-kubernetes: Ingress network policy can be overruled by egress network policy on another pod

https://notcve.org/view.php?id=CVE-2022-0567

A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable. Se ha encontrado un fallo en ovn-kubernetes. Este fallo permite a un administrador del sistema o a un atacante con privilegios crear una política de red de salida que omita las políticas de entrada existentes de otros pods en un clúster, permitiendo que el tráfico de red acceda a pods que no deberían ser accesibles. • https://bugzilla.redhat.com/show_bug.cgi?id=2053326 https://access.redhat.com/security/cve/CVE-2022-0567 • CWE-20: Improper Input Validation CWE-179: Incorrect Behavior Order: Early Validation •