Latest Kubernetes CRI-O Vulnerabilities

Impact: It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such a...
redhat/cri-o<0:1.24.4-10.rhaos4.11.git1ed5ac5.el8
redhat/cri-o<0:1.25.2-10.rhaos4.12.git0a083f9.el8
Kubernetes CRI-O
Redhat Openshift Container Platform For Arm64=4.12
Redhat Openshift Container Platform For Linuxone=4.12
Redhat Openshift Container Platform For Power=4.12
and 11 more
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect versio...
redhat/cri-o<0:1.25.1-5.rhaos4.12.git6005903.el8
Kubernetes CRI-O
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.12
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affect...
redhat/cri-o<1.25.0
redhat/cri-o<0:1.23.5-11.rhaos4.10.gitfc32aac.el7
redhat/cri-o<0:1.24.5-5.rhaos4.11.git8bf967b.el8
redhat/cri-o<0:1.25.1-5.rhaos4.12.git6005903.el8
go/github.com/cri-o/cri-o<1.25.0
Kubernetes CRI-O=1.25.0
Description: An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands...
redhat/cri-o<1.24.1
redhat/cri-o<1.23.3
redhat/cri-o<1.22.5
redhat/cri-o<1.21.8
redhat/cri-o<1.20.8
redhat/cri-o<1.19.7
and 25 more
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non...
redhat/cri-o<0:1.23.2-8.rhaos4.10.git8ad5d25.el8
redhat/cri-o<0:1.22.5-7.rhaos4.9.git3dbcd3c.el7
Kubernetes CRI-O
Fedoraproject Fedora=35
Mobyproject Moby<20.10.14
Redhat Openshift Container Platform=3.11
and 1 more
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container es...
redhat/cri-o<0:1.23.1-12.rhaos4.10.git1607c6e.el7
redhat/cri-o<0:1.19.5-3.rhaos4.6.git91f8458.el8
redhat/cri-o<0:1.20.6-11.rhaos4.7.git76ea3d0.el8
redhat/cri-o<0:1.21.5-3.rhaos4.8.gitaf64931.el8
redhat/cri-o<0:1.22.2-3.rhaos4.9.gitb030be8.el8
Kubernetes CRI-O>=1.19.0<1.19.6
and 4 more
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is a...
redhat/cri-o<0:1.23.0-92.rhaos4.10.gitdaab4d1.el7
redhat/cri-o<0:1.19.5-3.rhaos4.6.git91f8458.el8
redhat/cri-o<0:1.20.6-11.rhaos4.7.git76ea3d0.el8
redhat/cri-o<0:1.21.5-2.rhaos4.8.gitaf64931.el8
redhat/cri-o<0:1.22.2-2.rhaos4.9.gitb030be8.el7
Kubernetes CRI-O<=1.18
and 2 more
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload proces...
redhat/cri-o<0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7
redhat/cri-o<0:1.14.12-15.dev.rhaos4.2.gita17905f.el8
Kubernetes CRI-O<1.16.1
Fedoraproject Fedora
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
and 1 more
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated p...
Kubernetes CRI-O<1.9.0

© 2024 SecAlerts Pty Ltd.