When using ovn-kubernetes on a Kubernetes or OpenShift cluster, it is possible to create an egress network policy that bypasses an existing ingress policy, allowing network traffic to access pods that should not be reachable. This attack is limited to pods on the same node.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:1162 https://access.redhat.com/errata/RHSA-2022:1162
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2022:1158 https://access.redhat.com/errata/RHSA-2022:1158
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2022:1166 https://access.redhat.com/errata/RHSA-2022:1166
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2022:1154 https://access.redhat.com/errata/RHSA-2022:1154
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0567