7.8
CVE-2022-4318
- EPSS 0.04%
- Published 25.09.2023 20:15:10
- Last modified 21.11.2024 07:35:01
- Source secalert@redhat.com
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Data is provided by the National Vulnerability Database (NVD)
Kubernetes ≫ Cri-o Version -
Redhat ≫ Openshift Container Platform For Arm64 Version 4.12
Redhat ≫ Openshift Container Platform For Linuxone Version 4.12
Redhat ≫ Openshift Container Platform For Power Version 4.12
Redhat ≫ Openshift Container Platform Ibm Z Systems Version 4.12
Fedoraproject ≫ Extra Packages For Enterprise Linux Version 8.0
Fedoraproject ≫ Fedora Version 36
Fedoraproject ≫ Fedora Version 37
Redhat ≫ Openshift Container Platform For Arm64 Version 4.11
Redhat ≫ Openshift Container Platform For Linuxone Version 4.11
Redhat ≫ Openshift Container Platform For Power Version 4.11
Redhat ≫ Openshift Container Platform Ibm Z Systems Version 4.11
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.115 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
secalert@redhat.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
CWE-913 Improper Control of Dynamically-Managed Code Resources
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.