## https://sploitus.com/exploit?id=E6AD5FBA-52AD-5619-9A8A-BAA4FAF35BEB
# webhook-cve-2022-0811
This is a really simple webhook that just blocks pod creation if malicious
sysctl values are configured.
## Build
```bash
go test
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build
```
## Build image and deploy in Minikube
Start minikube:
```bash
minikube start
minikube addons enable registry
```
Build:
```bash
podman build -t localhost:5000/webhook-cve-2022-0811:latest .
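# Push the image tagged above to the minikube registry (source image, then destination)
podman push --tls-verify=false localhost:5000/webhook-cve-2022-0811:latest "$(minikube ip):5000/webhook-cve-2022-0811:latest"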
```
Deploy:
```bash
cd kustomize/
kustomize build | kubectl apply -f -
```
## Test
Create the following pod:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sysctl-set
  namespace: default
spec:
  securityContext:
    sysctls:
    - name: kernel.shm_rmid_forced
      value: "1+kernel.core_pattern"
  containers:
  - name: test
    image: k8s.gcr.io/pause:3.2
```
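The kind of check an admission webhook can run against a pod like this one, as an added example that is not this project's own code. It assumes the rule is to reject any sysctl value containing `+` (as in the test pod) or `=`; `reviewPod`, the `admissionReview` struct and `samplePod` are hypothetical names, and the struct covers only the AdmissionReview fields the check reads.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal subset of an AdmissionReview request (hypothetical helper type):
// only the path down to the pod-level sysctls is decoded.
type admissionReview struct {
	Request struct {
		Object struct {
			Spec struct {
				SecurityContext struct {
					Sysctls []struct {
						Name  string `json:"name"`
						Value string `json:"value"`
					} `json:"sysctls"`
				} `json:"securityContext"`
			} `json:"spec"`
		} `json:"object"`
	} `json:"request"`
}

// reviewPod returns whether the pod is allowed and, if not, the reason.
// It fails closed: a body that cannot be decoded is denied.
func reviewPod(body []byte) (bool, string) {
	var ar admissionReview
	if err := json.Unmarshal(body, &ar); err != nil {
		return false, "cannot decode AdmissionReview: " + err.Error()
	}
	for _, s := range ar.Request.Object.Spec.SecurityContext.Sysctls {
		// Assumed rule: '+' or '=' in a value marks an attempt to set extra kernel parameters.
		if strings.ContainsAny(s.Value, "+=") {
			return false, fmt.Sprintf("sysctl %q: value %q contains '+' or '='", s.Name, s.Value)
		}
	}
	return true, ""
}

// Constructed sample request wrapping the sysctl from the test pod above.
const samplePod = `{"request":{"object":{"spec":{"securityContext":{"sysctls":[{"name":"kernel.shm_rmid_forced","value":"1+kernel.core_pattern"}]}}}}}`

func main() {
	allowed, reason := reviewPod([]byte(samplePod))
	fmt.Println(allowed, reason)
}
```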