{"vulnerability": "CVE-2022-0811", "sightings": [{"uuid": "d147191a-58e6-49fd-9686-82d1451768dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9049", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: CrowdStrike\u2019s Cloud Threat Research team discovered a new vulnerability (CVE-2022-0811) in CRI-O (a container runtime engine underpinning Kubernetes). Dubbed \u201ccr8escape,\u201d when invoked, an attacker could escape from a Kubernetes container and gain root access to the host and be able to move anywhere in the cluster. Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data and lateral movement across pods.\n\nInvocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods.\n\nhttps://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/\n\nhttps://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html", "creation_timestamp": "2022-03-17T08:46:54.000000Z"}, {"uuid": "b2cdb276-726a-4c8f-af98-0fd40faf7d46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1693", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aSimple webhook to block exploitation of CVE-2022-0811\nURL\uff1ahttps://github.com/spiarh/webhook-cve-2022-0811\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-21T09:29:43.000000Z"}, {"uuid": "e1426be2-1a6e-49e5-96d1-518fbe4b774e", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/ggfcvj/3268", "content": "\u0623\u0628\u0644\u063a \u0641\u0631\u064a\u0642 CrowdStrike Cloud Threat Research \u0639\u0646 \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a CRI-O Container Engine for Kubernetes \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0645\u0636\u064a\u0641.\n\nCRI-O \u0647\u0648 \u062a\u0637\u0628\u064a\u0642 \u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 OCI (\u0645\u0628\u0627\u062f\u0631\u0629 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u0627\u0644\u0645\u0641\u062a\u0648\u062d\u0629) \u0644\u0648\u0627\u062c\u0647\u0629 Kubernetes Container Runtime (CRI) \u0627\u0644\u062a\u064a \u062a\u0645\u062b\u0644 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 \u062d\u0627\u0648\u064a\u0629 \u062e\u0641\u064a\u0641 \u0627\u0644\u0648\u0632\u0646 \u0644\u0640 Kubernetes \u0627\u0644\u0645\u0635\u0645\u0645\u0629 \u0644\u0644\u062a\u0643\u0627\u0645\u0644 \u0628\u064a\u0646 \u0623\u0648\u0642\u0627\u062a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u062a\u0648\u0627\u0641\u0642\u0629 \u0645\u0639 OCI \u0648 kubelets.\n\n\u064a\u064f\u0637\u0644\u0642 \u0639\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0633\u0645 cr8escape \u0648\u062a\u0639\u0642\u0628\u0647\u0627 \u0643\u0640 CVE-2022-0811 \u060c \u0648\u0647\u064a \u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f 
\u0627\u0644\u062a\u062d\u0642\u0642 \u0627\u0644\u0645\u0646\u0627\u0633\u0628 \u0645\u0646 \u0645\u0639\u0644\u0645\u0627\u062a kernel \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0645\u0631\u064a\u0631\u0647\u0627 \u0625\u0644\u0649 \u0627\u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 pinns. \u0646\u0634\u0623\u062a \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.19 \u0645\u0646 CRI-O \u060c \u0639\u0646\u062f\u0645\u0627 \u062a\u0645\u062a \u0625\u0636\u0627\u0641\u0629 \u062f\u0639\u0645 sysctl \u0625\u0644\u0649 \u0645\u062d\u0631\u0643 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u060c \u0648\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0633\u0627\u0621\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062e\u064a\u0627\u0631 kernel.core_pattern \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u0627\u0644\u062d\u0627\u0648\u064a\u0629.\n\n\u062f\u0631\u062c\u0629 CVE \u0647\u064a 8.8 (\u0639\u0627\u0644\u064a\u0629) \u0648\u0627\u0644\u062a\u0623\u062b\u064a\u0631 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0648\u0627\u0633\u0639 \u0627\u0644\u0627\u0646\u062a\u0634\u0627\u0631 \u0644\u0623\u0646 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u062a\u0633\u062a\u062e\u062f\u0645 CRI-O \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u064b\u0627.\n\n\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u060c \u0628\u0641\u0636\u0644 cr8escape \u060c \u0628\u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u062a\u0633\u0644\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u060c \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 
Kubernetes \u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0627\u0644\u0645\u0636\u064a\u0641 \u060c \u0648\u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0631\u0643 \u0623\u0641\u0642\u064a\u064b\u0627 \u0641\u064a \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629. \u064a\u062a\u0637\u0644\u0628 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0625\u0630\u0646\u064b\u0627 \u0644\u0646\u0634\u0631 \u0627\u0644\u0648\u062d\u062f\u0629 \u0641\u064a \u0645\u062c\u0645\u0648\u0639\u0629 Kubernetes \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 CRI-O.\n\n\u0642\u062f\u0645 CrowdStrke \u0623\u064a\u0636\u064b\u0627 POC \u064a\u0633\u062a\u062e\u062f\u0645 PodSpec \u0636\u0627\u0631\u064b\u0627 \u0644\u062a\u0639\u064a\u064a\u0646 \u0645\u0639\u0644\u0645\u0629 kernel kernel.core_pattern \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u062b\u0646\u0627\u0626\u064a \u0645\u0633\u062a\u0636\u0627\u0641 \u0641\u064a \u0648\u062d\u062f\u0629 \u0646\u0645\u0637\u064a\u0629 \u0623\u062e\u0631\u0649 \u0643\u062c\u0630\u0631.\n\n\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u0645\u0646 CRI-O v1.23.2 \u0644\u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629. 
\u0623\u0648 \u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u0631\u062c\u0648\u0639 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 CRI-O 1.18 \u0623\u0648 \u0625\u0635\u062f\u0627\u0631 \u0623\u0642\u062f\u0645.\n\n@A_X_YG\n#\u0627\u0644\u0642\u0627\u0626\u062f_A_X_Y \n#The_Yemeni_ghost", "creation_timestamp": "2022-03-17T17:37:10.000000Z"}, {"uuid": "af8efbe5-b042-4661-b703-00b5b81c68b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/anwar1213xx/1819", "content": "\u0623\u0628\u0644\u063a \u0641\u0631\u064a\u0642 CrowdStrike Cloud Threat Research \u0639\u0646 \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a CRI-O Container Engine for Kubernetes \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0645\u0636\u064a\u0641.\n\nCRI-O \u0647\u0648 \u062a\u0637\u0628\u064a\u0642 \u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 OCI (\u0645\u0628\u0627\u062f\u0631\u0629 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u0627\u0644\u0645\u0641\u062a\u0648\u062d\u0629) \u0644\u0648\u0627\u062c\u0647\u0629 Kubernetes Container Runtime (CRI) \u0627\u0644\u062a\u064a \u062a\u0645\u062b\u0644 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 \u062d\u0627\u0648\u064a\u0629 \u062e\u0641\u064a\u0641 \u0627\u0644\u0648\u0632\u0646 \u0644\u0640 Kubernetes \u0627\u0644\u0645\u0635\u0645\u0645\u0629 \u0644\u0644\u062a\u0643\u0627\u0645\u0644 \u0628\u064a\u0646 \u0623\u0648\u0642\u0627\u062a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 
\u0627\u0644\u0645\u062a\u0648\u0627\u0641\u0642\u0629 \u0645\u0639 OCI \u0648 kubelets.\n\n\u064a\u064f\u0637\u0644\u0642 \u0639\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0633\u0645 cr8escape \u0648\u062a\u0639\u0642\u0628\u0647\u0627 \u0643\u0640 CVE-2022-0811 \u060c \u0648\u0647\u064a \u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0627\u0644\u062a\u062d\u0642\u0642 \u0627\u0644\u0645\u0646\u0627\u0633\u0628 \u0645\u0646 \u0645\u0639\u0644\u0645\u0627\u062a kernel \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0645\u0631\u064a\u0631\u0647\u0627 \u0625\u0644\u0649 \u0627\u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 pinns. \u0646\u0634\u0623\u062a \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.19 \u0645\u0646 CRI-O \u060c \u0639\u0646\u062f\u0645\u0627 \u062a\u0645\u062a \u0625\u0636\u0627\u0641\u0629 \u062f\u0639\u0645 sysctl \u0625\u0644\u0649 \u0645\u062d\u0631\u0643 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u060c \u0648\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0633\u0627\u0621\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062e\u064a\u0627\u0631 kernel.core_pattern \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u0627\u0644\u062d\u0627\u0648\u064a\u0629.\n\n\u062f\u0631\u062c\u0629 CVE \u0647\u064a 8.8 (\u0639\u0627\u0644\u064a\u0629) \u0648\u0627\u0644\u062a\u0623\u062b\u064a\u0631 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0648\u0627\u0633\u0639 \u0627\u0644\u0627\u0646\u062a\u0634\u0627\u0631 \u0644\u0623\u0646 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u062a\u0633\u062a\u062e\u062f\u0645 CRI-O \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u064b\u0627.\n\n\u064a\u0645\u0643\u0646 
\u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u060c \u0628\u0641\u0636\u0644 cr8escape \u060c \u0628\u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u062a\u0633\u0644\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u060c \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 Kubernetes \u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0627\u0644\u0645\u0636\u064a\u0641 \u060c \u0648\u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0631\u0643 \u0623\u0641\u0642\u064a\u064b\u0627 \u0641\u064a \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629. \u064a\u062a\u0637\u0644\u0628 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0625\u0630\u0646\u064b\u0627 \u0644\u0646\u0634\u0631 \u0627\u0644\u0648\u062d\u062f\u0629 \u0641\u064a \u0645\u062c\u0645\u0648\u0639\u0629 Kubernetes \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 CRI-O.\n\n\u0642\u062f\u0645 CrowdStrke \u0623\u064a\u0636\u064b\u0627 POC \u064a\u0633\u062a\u062e\u062f\u0645 PodSpec \u0636\u0627\u0631\u064b\u0627 \u0644\u062a\u0639\u064a\u064a\u0646 \u0645\u0639\u0644\u0645\u0629 kernel kernel.core_pattern \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u062b\u0646\u0627\u0626\u064a \u0645\u0633\u062a\u0636\u0627\u0641 \u0641\u064a \u0648\u062d\u062f\u0629 \u0646\u0645\u0637\u064a\u0629 \u0623\u062e\u0631\u0649 \u0643\u062c\u0630\u0631.\n\n\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u0625\u0644\u0649 
\u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u0645\u0646 CRI-O v1.23.2 \u0644\u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629. \u0623\u0648 \u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u0631\u062c\u0648\u0639 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 CRI-O 1.18 \u0623\u0648 \u0625\u0635\u062f\u0627\u0631 \u0623\u0642\u062f\u0645.\n\n@A_X_YG\n#\u0627\u0644\u0642\u0627\u0626\u062f_A_X_Y \n#The_Yemeni_ghost", "creation_timestamp": "2022-03-17T18:37:12.000000Z"}, {"uuid": "ced437a4-5f4f-4693-9348-256e37fe24ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/piratesofyemen/614", "content": "\u0623\u0628\u0644\u063a \u0641\u0631\u064a\u0642 CrowdStrike Cloud Threat Research \u0639\u0646 \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a CRI-O Container Engine for Kubernetes \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0645\u0636\u064a\u0641.\n\nCRI-O \u0647\u0648 \u062a\u0637\u0628\u064a\u0642 \u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 OCI (\u0645\u0628\u0627\u062f\u0631\u0629 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u0627\u0644\u0645\u0641\u062a\u0648\u062d\u0629) \u0644\u0648\u0627\u062c\u0647\u0629 Kubernetes Container Runtime (CRI) \u0627\u0644\u062a\u064a \u062a\u0645\u062b\u0644 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 \u062d\u0627\u0648\u064a\u0629 \u062e\u0641\u064a\u0641 \u0627\u0644\u0648\u0632\u0646 \u0644\u0640 Kubernetes 
\u0627\u0644\u0645\u0635\u0645\u0645\u0629 \u0644\u0644\u062a\u0643\u0627\u0645\u0644 \u0628\u064a\u0646 \u0623\u0648\u0642\u0627\u062a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u062a\u0648\u0627\u0641\u0642\u0629 \u0645\u0639 OCI \u0648 kubelets.\n\n\u064a\u064f\u0637\u0644\u0642 \u0639\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0633\u0645 cr8escape \u0648\u062a\u0639\u0642\u0628\u0647\u0627 \u0643\u0640 CVE-2022-0811 \u060c \u0648\u0647\u064a \u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0627\u0644\u062a\u062d\u0642\u0642 \u0627\u0644\u0645\u0646\u0627\u0633\u0628 \u0645\u0646 \u0645\u0639\u0644\u0645\u0627\u062a kernel \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0645\u0631\u064a\u0631\u0647\u0627 \u0625\u0644\u0649 \u0627\u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 pinns. \u0646\u0634\u0623\u062a \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.19 \u0645\u0646 CRI-O \u060c \u0639\u0646\u062f\u0645\u0627 \u062a\u0645\u062a \u0625\u0636\u0627\u0641\u0629 \u062f\u0639\u0645 sysctl \u0625\u0644\u0649 \u0645\u062d\u0631\u0643 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u060c \u0648\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0633\u0627\u0621\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062e\u064a\u0627\u0631 kernel.core_pattern \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u0627\u0644\u062d\u0627\u0648\u064a\u0629.\n\n\u062f\u0631\u062c\u0629 CVE \u0647\u064a 8.8 (\u0639\u0627\u0644\u064a\u0629) \u0648\u0627\u0644\u062a\u0623\u062b\u064a\u0631 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0648\u0627\u0633\u0639 \u0627\u0644\u0627\u0646\u062a\u0634\u0627\u0631 \u0644\u0623\u0646 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0644\u0623\u0646\u0638\u0645\u0629 
\u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u062a\u0633\u062a\u062e\u062f\u0645 CRI-O \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u064b\u0627.\n\n\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u060c \u0628\u0641\u0636\u0644 cr8escape \u060c \u0628\u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u062a\u0633\u0644\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u060c \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 Kubernetes \u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0627\u0644\u0645\u0636\u064a\u0641 \u060c \u0648\u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0631\u0643 \u0623\u0641\u0642\u064a\u064b\u0627 \u0641\u064a \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629. 
\u064a\u062a\u0637\u0644\u0628 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0625\u0630\u0646\u064b\u0627 \u0644\u0646\u0634\u0631 \u0627\u0644\u0648\u062d\u062f\u0629 \u0641\u064a \u0645\u062c\u0645\u0648\u0639\u0629 Kubernetes \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 CRI-O.\n\n\u0642\u062f\u0645 CrowdStrke \u0623\u064a\u0636\u064b\u0627 POC \u064a\u0633\u062a\u062e\u062f\u0645 PodSpec \u0636\u0627\u0631\u064b\u0627 \u0644\u062a\u0639\u064a\u064a\u0646 \u0645\u0639\u0644\u0645\u0629 kernel kernel.core_pattern \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u062b\u0646\u0627\u0626\u064a \u0645\u0633\u062a\u0636\u0627\u0641 \u0641\u064a \u0648\u062d\u062f\u0629 \u0646\u0645\u0637\u064a\u0629 \u0623\u062e\u0631\u0649 \u0643\u062c\u0630\u0631.\n\n\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u0625\u0644\u0649 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u0645\u0646 CRI-O v1.23.2 \u0644\u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629. 
\u0623\u0648 \u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u0631\u062c\u0648\u0639 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 CRI-O 1.18 \u0623\u0648 \u0625\u0635\u062f\u0627\u0631 \u0623\u0642\u062f\u0645.\n\n@A_X_YG\n#\u0627\u0644\u0642\u0627\u0626\u062f_A_X_Y \n#The_Yemeni_ghost", "creation_timestamp": "2022-03-17T18:36:58.000000Z"}, {"uuid": "21d970ff-b2b5-4c57-b3d4-b516f4993a67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/piratesofyemen1213/447", "content": "\u0623\u0628\u0644\u063a \u0641\u0631\u064a\u0642 CrowdStrike Cloud Threat Research \u0639\u0646 \u0648\u062c\u0648\u062f \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u062e\u0637\u064a\u0631\u0629 \u0641\u064a CRI-O Container Engine for Kubernetes \u0648\u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647\u0627 \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0645\u0636\u064a\u0641.\n\nCRI-O \u0647\u0648 \u062a\u0637\u0628\u064a\u0642 \u064a\u0639\u062a\u0645\u062f \u0639\u0644\u0649 OCI (\u0645\u0628\u0627\u062f\u0631\u0629 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u0627\u0644\u0645\u0641\u062a\u0648\u062d\u0629) \u0644\u0648\u0627\u062c\u0647\u0629 Kubernetes Container Runtime (CRI) \u0627\u0644\u062a\u064a \u062a\u0645\u062b\u0644 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 \u062d\u0627\u0648\u064a\u0629 \u062e\u0641\u064a\u0641 \u0627\u0644\u0648\u0632\u0646 \u0644\u0640 Kubernetes \u0627\u0644\u0645\u0635\u0645\u0645\u0629 \u0644\u0644\u062a\u0643\u0627\u0645\u0644 \u0628\u064a\u0646 \u0623\u0648\u0642\u0627\u062a \u0627\u0644\u062a\u0634\u063a\u064a\u0644 
\u0627\u0644\u0645\u062a\u0648\u0627\u0641\u0642\u0629 \u0645\u0639 OCI \u0648 kubelets.\n\n\u064a\u064f\u0637\u0644\u0642 \u0639\u0644\u0649 \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0633\u0645 cr8escape \u0648\u062a\u0639\u0642\u0628\u0647\u0627 \u0643\u0640 CVE-2022-0811 \u060c \u0648\u0647\u064a \u0646\u0627\u062a\u062c\u0629 \u0639\u0646 \u0639\u062f\u0645 \u0648\u062c\u0648\u062f \u0627\u0644\u062a\u062d\u0642\u0642 \u0627\u0644\u0645\u0646\u0627\u0633\u0628 \u0645\u0646 \u0645\u0639\u0644\u0645\u0627\u062a kernel \u0627\u0644\u062a\u064a \u062a\u0645 \u062a\u0645\u0631\u064a\u0631\u0647\u0627 \u0625\u0644\u0649 \u0627\u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0645\u0633\u0627\u0639\u062f\u0629 pinns. \u0646\u0634\u0623\u062a \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.19 \u0645\u0646 CRI-O \u060c \u0639\u0646\u062f\u0645\u0627 \u062a\u0645\u062a \u0625\u0636\u0627\u0641\u0629 \u062f\u0639\u0645 sysctl \u0625\u0644\u0649 \u0645\u062d\u0631\u0643 \u0627\u0644\u062d\u0627\u0648\u064a\u0629 \u060c \u0648\u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0633\u0627\u0621\u0629 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062e\u064a\u0627\u0631 kernel.core_pattern \u0644\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u0627\u0644\u062d\u0627\u0648\u064a\u0629.\n\n\u062f\u0631\u062c\u0629 CVE \u0647\u064a 8.8 (\u0639\u0627\u0644\u064a\u0629) \u0648\u0627\u0644\u062a\u0623\u062b\u064a\u0631 \u0627\u0644\u0645\u062d\u062a\u0645\u0644 \u0648\u0627\u0633\u0639 \u0627\u0644\u0627\u0646\u062a\u0634\u0627\u0631 \u0644\u0623\u0646 \u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0648\u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 \u062a\u0633\u062a\u062e\u062f\u0645 CRI-O \u0627\u0641\u062a\u0631\u0627\u0636\u064a\u064b\u0627.\n\n\u064a\u0645\u0643\u0646 
\u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u060c \u0628\u0641\u0636\u0644 cr8escape \u060c \u0628\u0627\u0644\u0625\u0636\u0627\u0641\u0629 \u0625\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0628\u0631\u0627\u0645\u062c \u0627\u0644\u0636\u0627\u0631\u0629 \u0648\u062a\u0633\u0644\u0644 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u060c \u0627\u0644\u062e\u0631\u0648\u062c \u0645\u0646 \u062d\u0627\u0648\u064a\u0629 Kubernetes \u060c \u0648\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0648\u0635\u0648\u0644 \u0627\u0644\u062c\u0630\u0631 \u0625\u0644\u0649 \u0627\u0644\u0645\u0636\u064a\u0641 \u060c \u0648\u0627\u0644\u0642\u062f\u0631\u0629 \u0639\u0644\u0649 \u0627\u0644\u062a\u062d\u0631\u0643 \u0623\u0641\u0642\u064a\u064b\u0627 \u0641\u064a \u0627\u0644\u0645\u062c\u0645\u0648\u0639\u0629. \u064a\u062a\u0637\u0644\u0628 \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0625\u0630\u0646\u064b\u0627 \u0644\u0646\u0634\u0631 \u0627\u0644\u0648\u062d\u062f\u0629 \u0641\u064a \u0645\u062c\u0645\u0648\u0639\u0629 Kubernetes \u0627\u0644\u062a\u064a \u062a\u0633\u062a\u062e\u062f\u0645 \u0648\u0642\u062a \u062a\u0634\u063a\u064a\u0644 CRI-O.\n\n\u0642\u062f\u0645 CrowdStrke \u0623\u064a\u0636\u064b\u0627 POC \u064a\u0633\u062a\u062e\u062f\u0645 PodSpec \u0636\u0627\u0631\u064b\u0627 \u0644\u062a\u0639\u064a\u064a\u0646 \u0645\u0639\u0644\u0645\u0629 kernel kernel.core_pattern \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u062b\u0646\u0627\u0626\u064a \u0645\u0633\u062a\u0636\u0627\u0641 \u0641\u064a \u0648\u062d\u062f\u0629 \u0646\u0645\u0637\u064a\u0629 \u0623\u062e\u0631\u0649 \u0643\u062c\u0630\u0631.\n\n\u062a\u0645 \u0625\u0635\u0644\u0627\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0648\u064a\u0646\u0635\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0648\u0646 \u0628\u0627\u0644\u062a\u0631\u0642\u064a\u0629 \u0625\u0644\u0649 
\u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u0645\u0646 CRI-O v1.23.2 \u0644\u0645\u0646\u0639 \u0627\u0644\u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0645\u062d\u062a\u0645\u0644\u0629. \u0623\u0648 \u064a\u0645\u0643\u0646\u0643 \u0627\u0644\u0631\u062c\u0648\u0639 \u0625\u0644\u0649 \u0625\u0635\u062f\u0627\u0631 CRI-O 1.18 \u0623\u0648 \u0625\u0635\u062f\u0627\u0631 \u0623\u0642\u062f\u0645.\n\n@A_X_YG\n#\u0627\u0644\u0642\u0627\u0626\u062f_A_X_Y \n#The_Yemeni_ghost", "creation_timestamp": "2022-03-17T18:37:02.000000Z"}, {"uuid": "2127d0c6-966d-4c20-ba1d-b2332c9fc341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2743", "content": "\u041a\u043e\u043c\u0430\u043d\u0434\u0430 CrowdStrike Cloud Threat Research \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043d\u043e\u043c \u0434\u0432\u0438\u0436\u043a\u0435 CRI-O Container Engine \u0434\u043b\u044f Kubernetes, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0432\u044b\u0445\u043e\u0434\u0430 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f root-\u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0445\u043e\u0441\u0442\u0443.\n\nCRI-O \u2013 \u044d\u0442\u043e \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0430 OCI (Open Container Initiative) \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f Kubernetes Container Runtime Interface (CRI), 
\u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0449\u0430\u044f \u0441\u043e\u0431\u043e\u0439 \u043e\u0431\u043b\u0435\u0433\u0447\u0435\u043d\u043d\u0443\u044e \u0441\u0440\u0435\u0434\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u0434\u043b\u044f Kubernetes \u0438 \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u0430\u044f \u0434\u043b\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u0438 \u043c\u0435\u0436\u0434\u0443 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f, \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u043c\u0438 \u0441 OCI, \u0438 kubelet.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0430\u044f \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 cr8escape \u0438 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-0811 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0435\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u044f\u0434\u0440\u0430, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442\u0435 pinns.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0432 CRI-O \u0432\u0435\u0440\u0441\u0438\u0438 1.19, \u043a\u043e\u0433\u0434\u0430 \u0432 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 \u0431\u044b\u043b\u0430 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 sysctl, \u0430 
the attacker gained the ability to abuse the kernel.core_pattern parameter to escape the container. \n\nThe CVE is rated 8.8 (high), and the potential impact is widespread, since many programs and platforms use CRI-O by default.\n\nWith cr8escape, in addition to executing malware and exfiltrating data, an attacker can escape from a Kubernetes container, 
gain root access to the host and move laterally within the cluster. Exploiting the vulnerability requires rights to deploy a pod in a Kubernetes cluster that uses the CRI-O runtime. 
\n\nCrowdStrike also presented a PoC that uses a malicious PodSpec to set the kernel.core_pattern kernel parameter, running as root a binary placed in another pod.\n\nThe vulnerability has been fixed; users are advised to update to the latest version, CRI-O v1.23.2, to prevent potential attacks. 
Alternatively, one can roll back to CRI-O version 1.18 or earlier.", "creation_timestamp": "2022-03-17T14:30:04.000000Z"}, {"uuid": "dd3b94c0-f8bb-44e4-befe-cc3645082906", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "seen", "source": "https://t.me/cibsecurity/39034", "content": "\u203c CVE-2022-0811 \u203c\n\nA flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-16T17:20:37.000000Z"}, {"uuid": "0d4062e5-ff63-47e8-ac7b-99a86909f179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "seen", "source": "https://t.me/thehackernews/1987", "content": "A new vulnerability (CVE-2022-0811) in the CRI-O engine, dubbed \u201ccr8escape,\u201d could allow attackers to escape Kubernetes containers and gain root access.\n\nRead details: https://thehackernews.com/2022/03/new-vulnerability-in-cri-o-engine-lets.html", "creation_timestamp": "2023-07-13T10:44:34.000000Z"}, {"uuid": "8cf5a701-c83b-486b-b999-6c3d9ce6c60c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "exploited", "source": "https://t.me/xakep_ru/13806", "content": "HTB Vessel. 
Exploiting a vulnerability in a Kubernetes cluster #articles #subscribers\n\nIn this writeup I will show how to escalate privileges through the CVE-2022-0811 vulnerability, which allows escaping from a container in a Kubernetes cluster with maximum privileges. Along the way, we will look at how to collect data from a Git repository, exploit an SQL injection and pentest the Open Web Analytics platform to gain access to the host. 
We will also look into a password generator and decrypt a PDF document.\n\nhttps://xakep.ru/2023/03/27/htb-vessel/", "creation_timestamp": "2023-03-27T13:14:41.000000Z"}, {"uuid": "e6f1f37d-1d51-4679-832b-364ca01b9788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5656", "content": "#Whitepaper\n\"Webhook Security Guidelines\".\n\n]-> Simple webhook to block exploitation of CVE-2022-0811:\nhttps://github.com/spiarh/webhook-cve-2022-0811", "creation_timestamp": "2022-03-22T11:02:01.000000Z"}, {"uuid": "22b05b17-2d94-4914-83d6-113b8dea4b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0811", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5621", "content": "#tools\n#Cloud_Security\ncr8escape - Vulnerability in CRI-O Container Engine (CVE-2022-0811)\nhttps://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811", "creation_timestamp": "2023-09-24T15:02:15.000000Z"}]}