Lucene search
Veracode Vulnerability DatabaseVERACODE:38827HistoryJan 11, 2023 - 3:45 a.m.
Privilege Escalation
2023-01-1103:45:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
github
cri-o
vulnerability
privilege escalation
container_create.go
homedir parameter
0.0004 Low
EPSS
Percentile
5.1%
github.com/cri-o/cri-o is vulnerable to Privilege Escalation. The vulnerability exists because the setupContainerUser function in container_create.go does not properly validate the homedir parameter, allowing an attacker to maliciously craft an environment variable with newlines to add entries to a container’s /etc/passwd.
References
access.redhat.com/errata/RHSA-2023:1033
access.redhat.com/errata/RHSA-2023:1503
access.redhat.com/security/cve/CVE-2022-4318
bugzilla.redhat.com/show_bug.cgi?id=2152703
github.com/advisories/GHSA-cm9x-c3rh-7rc4
github.com/cri-o/cri-o/commit/41dca27cb53bca3c9255287f53e241b9d3bfd7de
github.com/cri-o/cri-o/pull/6450
Related
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.11.34 (RHSA-2023:1503)
2024-01-24 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.6 (RHSA-2023:1033)
2024-04-28 00:00:00
RHEL 8 : OpenShift Container Platform 4.11.34 (RHSA-2023:1503)
2024-04-23 00:00:00
nvd
nvd
CVE-2022-4318
2023-09-25 20:15:10
redhat
redhat
github
github
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
2022-12-29 01:49:47
cvelist
cvelist
CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
2023-09-25 19:23:02
redhatcve
redhatcve
CVE-2022-4318
2022-12-12 18:34:51
prion
prion
Design/Logic Flaw
2023-09-25 20:15:00
cve
cve
CVE-2022-4318
2023-09-25 20:15:10
vulnrichment
vulnrichment
CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
2023-09-25 19:23:02
osv
osv
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
2022-12-29 01:49:47
redos
redos
ROS-20240401-03
2024-04-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package cri-o version 1.26.2-alt1
2023-03-29 00:00:00