Описание
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 9 | fence-agents | Not affected | ||
| Red Hat OpenShift Container Platform 4.11 | cri-o | Fixed | RHSA-2023:1503 | 04.04.2023 |
| Red Hat OpenShift Container Platform 4.12 | cri-o | Fixed | RHSA-2023:1033 | 07.03.2023 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-538
https://bugzilla.redhat.com/show_bug.cgi?id=2152703cri-o: /etc/passwd tampering privesc
7.8 High
CVSS3
Связанные уязвимости
CVSS3: 7.8
ubuntu
больше 1 года назад
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVSS3: 7.8
nvd
больше 1 года назад
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVSS3: 7.8
debian
больше 1 года назад
A vulnerability was found in cri-o. This issue allows the addition of ...
CVSS3: 6.1
github
больше 2 лет назад
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
7.8 High
CVSS3