Untriaged
Permalink
CVE-2022-4318
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Cri-o: /etc/passwd tampering privesc
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
References
- RHSA-2023:1033 x_refsource_REDHAT vendor-advisory
- RHSA-2023:1503 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2022-4318 x_refsource_REDHAT vdb-entry
- RHBZ#2152703 issue-tracking x_refsource_REDHAT
- RHSA-2023:1033 x_refsource_REDHAT vendor-advisory
- RHSA-2023:1503 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2022-4318 x_refsource_REDHAT vdb-entry
- RHBZ#2152703 issue-tracking x_refsource_REDHAT
- RHSA-2023:1503 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2022-4318 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2152703 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2023:1033 x_refsource_REDHAT vendor-advisory x_transferred
Affected products
cri-o
- *
fence-agents
Matching in nixpkgs
pkgs.cri-o
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
-
nixos-unstable -
- nixpkgs-unstable 1.34.0
pkgs.cri-o-unwrapped
Open Container Initiative-based implementation of the Kubernetes Container Runtime Interface
-
nixos-unstable -
- nixpkgs-unstable 1.34.0
Package maintainers
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
-
@vdemeester Vincent Demeester <vincent@sbr.pm>