Published: 19/09/2022 Updated: 21/09/2022

CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8

VMScore: 0

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kubernetes cri-o 1.25.0

Synopsis Moderate: Migration Toolkit for Containers (MTC) 177 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 177 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Low: OpenShift Container Platform 41060 packages and security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41060 is now available with updates to packages and ...

Synopsis Important: Red Hat OpenShift Service Mesh Containers for 240 Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh Containers for 240Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...

Synopsis Moderate: OpenShift Container Platform 4120 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4120 is now available withupdates to packag ...

Synopsis Low: OpenShift Container Platform 41143 packages and security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41143 is now available with updates to packages and ...

Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 610 releaseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...

Synopsis Important: OpenShift Container Platform 41144 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41144 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...

Synopsis Moderate: OpenShift Container Platform 4120 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4120 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...

CWE-732 https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/https://github.com/cri-o/cri-o/pull/6159 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:0693 https://access.redhat.com/security/cve/cve-2022-2995

Get Started

CVE-2022-2995

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect