Back to search
CVE-2022-4318
Published: Sep 25, 2023
Modified: Aug 3, 2024
PUBLISHED
CVSS v3.1
7.8
HIGH
Description
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Red Hat OpenShift Container Platform 4.11 | unaffected 0:1.24.4-10.rhaos4.11.git1ed5ac5.el8 - < * |
Red Hat | Red Hat OpenShift Container Platform 4.12 | unaffected 0:1.25.2-9.rhaos4.12.git0a083f9.el9 - < * |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
References
RHSA-2023:1033
vendor-advisory
x_refsource_REDHAT
RHSA-2023:1503
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2022-4318
vdb-entry
x_refsource_REDHAT
RHBZ#2152703
issue-tracking
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now