CVE-2022-4318

Summary

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenShift Container Platform 4.110:1.24.4-10.rhaos4.11.git1ed5ac5.el8 < *unaffected
Red HatRed Hat OpenShift Container Platform 4.120:1.25.2-9.rhaos4.12.git0a083f9.el9 < *unaffected

Weaknesses

  • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References