Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-4318
HistorySep 25, 2023 - 8:15 p.m.

CVE-2022-4318

2023-09-2520:15:10
CWE-538
CWE-913
[email protected]
web.nvd.nist.gov
cri-o
vulnerability
/etc/passwd
environment variable

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Affected configurations

NVD
Node
kubernetescri-oMatch-
Node
redhatopenshift_container_platform_for_arm64Match4.12
OR
redhatopenshift_container_platform_for_linuxoneMatch4.12
OR
redhatopenshift_container_platform_for_powerMatch4.12
OR
redhatopenshift_container_platform_ibm_z_systemsMatch4.12
AND
redhatenterprise_linuxMatch8.0
Node
redhatopenshift_container_platform_for_arm64Match4.12
OR
redhatopenshift_container_platform_for_linuxoneMatch4.12
OR
redhatopenshift_container_platform_for_powerMatch4.12
OR
redhatopenshift_container_platform_ibm_z_systemsMatch4.12
AND
redhatenterprise_linuxMatch9.0
Node
fedoraprojectextra_packages_for_enterprise_linuxMatch8.0
OR
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
Node
redhatopenshift_container_platform_for_arm64Match4.11
OR
redhatopenshift_container_platform_for_linuxoneMatch4.11
OR
redhatopenshift_container_platform_for_powerMatch4.11
OR
redhatopenshift_container_platform_ibm_z_systemsMatch4.11
AND
redhatenterprise_linuxMatch8.0

Related

nessus 4
redhat 3
github 1
redhatcve 1
prion 1
cve 1
veracode 1
cvelist 1
vulnrichment 1
osv 1
redos 1
altlinux 1
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.11.34 (RHSA-2023:1503)
2024-01-24 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.6 (RHSA-2023:1033)
2024-04-28 00:00:00
RHEL 8 : OpenShift Container Platform 4.11.34 (RHSA-2023:1503)
2024-04-23 00:00:00
redhat
redhat
(RHSA-2023:1503) Moderate: OpenShift Container Platform 4.11.34 packages and security update
2023-04-04 11:38:15
(RHSA-2023:1033) Moderate: OpenShift Container Platform 4.12.6 packages and security update
2023-03-07 10:36:56
(RHSA-2023:1504) Moderate: OpenShift Container Platform 4.11.34 bug fix and security update
2023-04-04 11:25:02
github
github
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
2022-12-29 01:49:47
redhatcve
redhatcve
CVE-2022-4318
2022-12-12 18:34:51
prion
prion
Design/Logic Flaw
2023-09-25 20:15:00
cve
cve
CVE-2022-4318
2023-09-25 20:15:10
veracode
veracode
Privilege Escalation
2023-01-11 03:45:30
cvelist
cvelist
CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
2023-09-25 19:23:02
vulnrichment
vulnrichment
CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
2023-09-25 19:23:02
osv
osv
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
2022-12-29 01:49:47
redos
redos
ROS-20240401-03
2024-04-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package cri-o version 1.26.2-alt1
2023-03-29 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for NVD:CVE-2022-4318
nessus4redhat3github1redhatcve1prion1cve1veracode1cvelist1vulnrichment1osv1redos1altlinux1