GHSA-phjr-8j92-w5v7

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-phjr-8j92-w5v7/GHSA-phjr-8j92-w5v7.json
Aliases
  • CVE-2022-2995
Published
2022-09-20T00:00:22Z
Modified
2022-09-22T17:22:56Z
Details

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

References

Affected packages

Go / github.com/cri-o/cri-o

github.com/cri-o/cri-o

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
1.25.0

Affected versions