CVE-2022-4318

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions cri-o versions prior to 1.26.0

Description A vulnerability was found in cri-o, allowing the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For cri-o versions prior to 1.26.0, update to version 1.26.0 or later to resolve the issue. As a temporary workaround, consider using additional security controls like SELinux to prevent any damage a container is able to do with root on the host.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-913CWE-538

Related Identifiers

ALT-PU-2023-1519

ALT-PU-2023-1528

AZL-39873

BDU:2024-02430

CVE-2022-4318

GHSA-CM9X-C3RH-7RC4

GO-2022-1206

OESA-2024-1406

RHSA-2023:1033

RHSA-2023:1503

Affected Products

Alt Linux

Red Os

Cri-O

CVE-2022-4318

Weakness Enumeration

Related Identifiers

Affected Products

References · 27