CVE-2022-4318
25.09.2023, 20:15
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.Enginsight
| Vendor | Product | Version |
|---|---|---|
| kubernetes | cri-o | - |
| redhat | openshift_container_platform_for_arm64 | 4.12 |
| redhat | openshift_container_platform_for_linuxone | 4.12 |
| redhat | openshift_container_platform_for_power | 4.12 |
| redhat | openshift_container_platform_ibm_z_systems | 4.12 |
| redhat | openshift_container_platform_for_arm64 | 4.12 |
| redhat | openshift_container_platform_for_linuxone | 4.12 |
| redhat | openshift_container_platform_for_power | 4.12 |
| redhat | openshift_container_platform_ibm_z_systems | 4.12 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| redhat | openshift_container_platform_for_arm64 | 4.11 |
| redhat | openshift_container_platform_for_linuxone | 4.11 |
| redhat | openshift_container_platform_for_power | 4.11 |
| redhat | openshift_container_platform_ibm_z_systems | 4.11 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or DirectoryThe product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
- CWE-913 - Improper Control of Dynamically-Managed Code ResourcesThe software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
References