CVE-2022-4318

Опубликовано: 25 сент. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Ссылки

https://access.redhat.com/errata/RHSA-2023:1033
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1503
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-4318
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2152703
Issue Tracking
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1033
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1503
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-4318
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2152703
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.00042

Низкий

7.8 High

CVSS3

Дефекты

CWE-538

CWE-913

Связанные уязвимости

CVE-2022-4318

CVSS3: 7.8

ubuntu

больше 1 года назад

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CVE-2022-4318

CVSS3: 7.8

redhat

больше 2 лет назад

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CVE-2022-4318

CVSS3: 7.8

debian

больше 1 года назад

A vulnerability was found in cri-o. This issue allows the addition of ...

ROS-20240401-03

CVSS3: 7.8

redos

около 1 года назад

Уязвимость cri-o

GHSA-cm9x-c3rh-7rc4

CVSS3: 6.1

github

больше 2 лет назад

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation

EPSS

Процентиль: 12%

0.00042

Низкий

7.8 High

CVSS3

Дефекты

CWE-538

CWE-913