CVE-2022-4318
published 2023-09-25CVE-2022-4318: A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| github.com | cri-o_cri-o | >= 0 < 1.26.0 | 1.26.0 |
| msrc | cbl2_cri-o_1.22.3-14_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cri-o_1.22.3-1_on_cbl_mariner_2.0 | — | — |
| redhat | openshift_container_platform_for_arm64 | — | — |
| redhat | openshift_container_platform_for_arm64 | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_ibm_z_systems | — | — |
| redhat | openshift_container_platform_ibm_z_systems | — | — |