CVE-2022-23648 in containerd's CRI Plugin Could Allow for Container Breakout
A recently discovered CVE in containerd allows attackers who can run a custom image in a cluster to break out to the underlying node and, in some cases, escalate privileges to cluster-admin level.
This CVE is interesting for several reasons. First, the trigger for the vulnerability sits in the container image, not in the Kubernetes manifests, so it’s harder to spot with infrastructure-as-code (IaC) or admission control solutions. Second, it uses standard container image commands, so it’s not easily detected by malware scanning agents.