Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Published

2022-09-19T20:15:12.493

Last Modified

2025-05-29T16:15:28.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kubernetes	cri-o	1.25.0	Yes

References

https://github.com/cri-o/cri-o/pull/6159 Patch, Third Party Advisory ([email protected])
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ Exploit, Third Party Advisory ([email protected])
https://github.com/cri-o/cri-o/pull/6159 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)