CVE-2022-4318
Cri-o: /etc/passwd tampering privesc
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.34.
*Credits:
Red Hat would like to thank Burt Holzman (Fermilab) for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-06 CVE Reserved
- 2023-04-05 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
- CWE-913: Improper Control of Dynamically-Managed Code Resources
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:1033 | 2024-05-03 | |
| https://access.redhat.com/errata/RHSA-2023:1503 | 2024-05-03 | |
| https://access.redhat.com/security/cve/CVE-2022-4318 | 2023-04-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2152703 | 2023-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openshift Container Platform For Arm64 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform Ibm Z Systems Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Arm64 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform Ibm Z Systems Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" | 4.12 Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" and version "4.12" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Arm64 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" | 4.11 Search vendor "Redhat" for product "Openshift Container Platform For Arm64" and version "4.11" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Linuxone Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" | 4.11 Search vendor "Redhat" for product "Openshift Container Platform For Linuxone" and version "4.11" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform For Power Search vendor "Redhat" for product "Openshift Container Platform For Power" | 4.11 Search vendor "Redhat" for product "Openshift Container Platform For Power" and version "4.11" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform Ibm Z Systems Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" | 4.11 Search vendor "Redhat" for product "Openshift Container Platform Ibm Z Systems" and version "4.11" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|
| Kubernetes Search vendor "Kubernetes" | Cri-o Search vendor "Kubernetes" for product "Cri-o" | - | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Extra Packages For Enterprise Linux Search vendor "Fedoraproject" for product "Extra Packages For Enterprise Linux" | 8.0 Search vendor "Fedoraproject" for product "Extra Packages For Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||