A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2023:1033 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2023:1503 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2022-4318 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2152703 | Issue Tracking Third Party Advisory |
History
26 Sep 2023, 20:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-913 | |
CPE | cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:*:*:*:*:*:*:* | |
First Time | Kubernetes Fedoraproject fedora Redhat Kubernetes cri-o Redhat enterprise Linux Redhat openshift Container Platform For Linuxone Fedoraproject Redhat openshift Container Platform For Power Fedoraproject extra Packages For Enterprise Linux Redhat openshift Container Platform For Arm64 Redhat openshift Container Platform Ibm Z Systems | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1033 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2152703 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://access.redhat.com/errata/RHSA-2023:1503 - Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-4318 - Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 7.8 |
25 Sep 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-25 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2022-4318
Mitre link : CVE-2022-4318
CVE.ORG link : CVE-2022-4318
Products Affected
redhat
- enterprise_linux
- openshift_container_platform_for_power
- openshift_container_platform_for_linuxone
- openshift_container_platform_for_arm64
- openshift_container_platform_ibm_z_systems
kubernetes
- cri-o
fedoraproject
- fedora
- extra_packages_for_enterprise_linux