CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
| Software | From | Fixed in |
|---|---|---|
github.com/cri-o/cri-o
|
- | 1.26.0 |
| redhat / openshift_container_platform_for_arm64 | 4.12 | 4.12.x |
| redhat / openshift_container_platform_for_linuxone | 4.12 | 4.12.x |
| redhat / openshift_container_platform_for_power | 4.12 | 4.12.x |
| redhat / openshift_container_platform_ibm_z_systems | 4.12 | 4.12.x |
| fedoraproject / extra_packages_for_enterprise_linux | 8.0 | 8.0.x |
| fedoraproject / fedora | 36 | 36.x |
| fedoraproject / fedora | 37 | 37.x |
| redhat / openshift_container_platform_for_arm64 | 4.11 | 4.11.x |
| redhat / openshift_container_platform_for_linuxone | 4.11 | 4.11.x |
| redhat / openshift_container_platform_for_power | 4.11 | 4.11.x |
| redhat / openshift_container_platform_ibm_z_systems | 4.11 | 4.11.x |
- https://access.redhat.com/errata/RHSA-2023:1033
- https://access.redhat.com/errata/RHSA-2023:1503
- https://access.redhat.com/security/cve/CVE-2022-4318
- https://bugzilla.redhat.com/show_bug.cgi?id=2152703
- https://github.com/cri-o/cri-o/pull/6450
- https://github.com/cri-o/cri-o/security/advisories/GHSA-cm9x-c3rh-7rc4
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime