Moderate severity · NVD Advisory · Published Sep 25, 2023 · Updated Aug 3, 2024
Cri-o: /etc/passwd tampering privesc
CVE-2022-4318
Description
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/cri-o/cri-o (Go) | < 1.26.0 | 1.26.0 |
Affected products
- cpe:/a:redhat:openshift:4.11::el8 (range: 0:1.24.4-10.rhaos4.11.git1ed5ac5.el8)
- cpe:/a:redhat:openshift:4.12::el8 (range: 0:1.25.2-9.rhaos4.12.git0a083f9.el9)
- cpe:/o:redhat:enterprise_linux:9
References
- access.redhat.com/errata/RHSA-2023:1033 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2023:1503 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-cm9x-c3rh-7rc4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-4318 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2022-4318 (ghsa, vdb-entry, x_refsource_REDHAT, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, issue-tracking, x_refsource_REDHAT, WEB)
- github.com/cri-o/cri-o/pull/6450 (ghsa, WEB)
- github.com/cri-o/cri-o/security/advisories/GHSA-cm9x-c3rh-7rc4 (ghsa, WEB)