CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Configurations

Configuration 1

cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Configuration 5

AND
OR cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

26 Sep 2023, 20:51

Type Values Removed Values Added
CWE CWE-913
CPE cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:*:*:*:*:*:*:*
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:*:*:*:*:*:*:*
First Time Kubernetes
Fedoraproject fedora
Redhat
Kubernetes cri-o
Redhat enterprise Linux
Redhat openshift Container Platform For Linuxone
Fedoraproject
Redhat openshift Container Platform For Power
Fedoraproject extra Packages For Enterprise Linux
Redhat openshift Container Platform For Arm64
Redhat openshift Container Platform Ibm Z Systems
References
  Removed: (MISC) https://access.redhat.com/errata/RHSA-2023:1033 -
  Added: (MISC) https://access.redhat.com/errata/RHSA-2023:1033 - Third Party Advisory
References
  Removed: (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2152703 -
  Added: (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2152703 - Issue Tracking, Third Party Advisory
References
  Removed: (MISC) https://access.redhat.com/errata/RHSA-2023:1503 -
  Added: (MISC) https://access.redhat.com/errata/RHSA-2023:1503 - Third Party Advisory
References
  Removed: (MISC) https://access.redhat.com/security/cve/CVE-2022-4318 -
  Added: (MISC) https://access.redhat.com/security/cve/CVE-2022-4318 - Third Party Advisory
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : unknown, v3 : 7.8

25 Sep 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-25 20:15

Updated : 2023-12-10 15:14


NVD link : CVE-2022-4318

Mitre link : CVE-2022-4318

CVE.ORG link : CVE-2022-4318



Products Affected

redhat

  • enterprise_linux
  • openshift_container_platform_for_power
  • openshift_container_platform_for_linuxone
  • openshift_container_platform_for_arm64
  • openshift_container_platform_ibm_z_systems

kubernetes

  • cri-o

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

CWE

CWE-913

Improper Control of Dynamically-Managed Code Resources

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory