CVE-2022-2995

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-2995

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2995.json

Aliases

Related

Published

2022-09-19T20:15:12Z

Modified

2023-11-29T09:40:11.209259Z

Details

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

References

Affected packages

Git / github.com/cri-o/cri-o

Affected ranges

Type: GIT
Repo: https://github.com/cri-o/cri-o
Events: Introduced

0The exact introduced commit is unknown

Last affected

315a0cb5b0abd15619384d7da7f3941714afcb8e

Type: GIT
Repo: https://github.com/kubernetes-incubator/cri-o
Events: Introduced

0The exact introduced commit is unknown

Last affected

315a0cb5b0abd15619384d7da7f3941714afcb8e

Affected versions

v0.*

v0.0.0

v0.1

v0.2

v0.3

v1.*

v1.0.0

v1.0.0-alpha.0

v1.0.0-beta.0

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v1.18.0-rc1

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.8.0

v1.9.0-beta.1

v1.9.0-beta.2