.. / CVE-2022-0811

Exploit for CRI-O arbitrary code execution (CVE-2022-0811)

Description:

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.

Proof of Concept

PoC exploit

https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/

Try the exploit in a lab environment:

Lab	Machine	Link
Hack The Box	PikaTwoo	Go to Practice
Hack The Box	Vessel	Go to Practice

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0811

.. / CVE-2022-0811 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for CRI-O arbitrary code execution (CVE-2022-0811)

Description:

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

.. / CVE-2022-0811