Design/Logic Flaw

2023-09-2520:15:00

PRIOn knowledge base

www.prio-n.com

cri-o

vulnerability

/etc/passwd

environment variable

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CPENameOperatorVersion
extra_packages_for_enterprise_linuxeq8.0
fedoraeq36
fedoraeq37
openshift_container_platform_for_arm64eq4.12
openshift_container_platform_for_arm64eq4.12
openshift_container_platform_for_arm64eq4.11
openshift_container_platform_for_linuxoneeq4.12
openshift_container_platform_for_linuxoneeq4.12
openshift_container_platform_for_linuxoneeq4.11
openshift_container_platform_for_powereq4.12

Name	Operator	Version
extra_packages_for_enterprise_linux	eq	8.0
fedora	eq	36
fedora	eq	37
openshift_container_platform_for_arm64	eq	4.12
openshift_container_platform_for_arm64	eq	4.12
openshift_container_platform_for_arm64	eq	4.11
openshift_container_platform_for_linuxone	eq	4.12
openshift_container_platform_for_linuxone	eq	4.12
openshift_container_platform_for_linuxone	eq	4.11
openshift_container_platform_for_power	eq	4.12