7.8
CVE-2022-4318
- EPSS 0.04%
- Published 25.09.2023 20:15:10
- Last modified 21.11.2024 07:35:01
- Source secalert@redhat.com
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Data provided by the National Vulnerability Database (NVD)
Kubernetes ≫ Cri-o Version-
Redhat ≫ Openshift Container Platform For Arm64 Version 4.12
Redhat ≫ Openshift Container Platform For Linuxone Version 4.12
Redhat ≫ Openshift Container Platform For Power Version 4.12
Redhat ≫ Openshift Container Platform Ibm Z Systems Version 4.12
Fedoraproject ≫ Extra Packages For Enterprise Linux Version 8.0
Fedoraproject ≫ Fedora Version 36
Fedoraproject ≫ Fedora Version 37
Redhat ≫ Openshift Container Platform For Arm64 Version 4.11
Redhat ≫ Openshift Container Platform For Linuxone Version 4.11
Redhat ≫ Openshift Container Platform For Power Version 4.11
Redhat ≫ Openshift Container Platform Ibm Z Systems Version 4.11
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.115 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
secalert@redhat.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
CWE-913 Improper Control of Dynamically-Managed Code Resources
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.