CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:1033	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1503	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-4318	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2152703	Issue Tracking Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1033	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:1503	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-4318	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2152703	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:35

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:1033 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2023:1033 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:1503 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2023:1503 - Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2022-4318 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2022-4318 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2152703 - Issue Tracking, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2152703 - Issue Tracking, Third Party Advisory

26 Sep 2023, 20:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://access.redhat.com/security/cve/CVE-2022-4318 -~~	(MISC) https://access.redhat.com/security/cve/CVE-2022-4318 - Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:1033 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:1033 - Third Party Advisory
References	~~(MISC) https://access.redhat.com/errata/RHSA-2023:1503 -~~	(MISC) https://access.redhat.com/errata/RHSA-2023:1503 - Third Party Advisory
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2152703 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2152703 - Issue Tracking, Third Party Advisory
CPE		cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.12:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.12:::::::* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.11:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.11:::::::* cpe:2.3:a:kubernetes:cri-o:-:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.12:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.11:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.12:::::::*
CWE		CWE-913
First Time		Fedoraproject extra Packages For Enterprise Linux Redhat openshift Container Platform For Linuxone Kubernetes Redhat openshift Container Platform Ibm Z Systems Redhat Kubernetes cri-o Fedoraproject Fedoraproject fedora Redhat openshift Container Platform For Arm64 Redhat enterprise Linux Redhat openshift Container Platform For Power

25 Sep 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-25 20:15

Updated : 2024-11-21 07:35

NVD link : CVE-2022-4318

Mitre link : CVE-2022-4318

CVE.ORG link : CVE-2022-4318

JSON object : View

Products Affected

fedoraproject

fedora
extra_packages_for_enterprise_linux

redhat

openshift_container_platform_ibm_z_systems
openshift_container_platform_for_arm64
openshift_container_platform_for_linuxone
enterprise_linux
openshift_container_platform_for_power

kubernetes

cri-o

CWE

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

CWE-913

Improper Control of Dynamically-Managed Code Resources

7.8 /10