Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-4318

UNKNOWN
Published 2023-09-25T19:23:02.119Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-4318. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.8
/10
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.051
Higher than 5.1% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat OpenShift Container Platform 4.11

Affected Versions:

0:1.24.4-10.rhaos4.11.git1ed5ac5.el8
Red Hat

Red Hat OpenShift Container Platform 4.12

Affected Versions:

0:1.25.2-9.rhaos4.12.git0a083f9.el9
Red Hat

Red Hat Enterprise Linux 9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation

GHSA-cm9x-c3rh-7rc4

Advisory Details

### Impact It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry. Note: because the pod author is in control of the container's /etc/passwd, this is not considered a new risk factor. However, this advisory is being opened for transparency and as a way of tracking fixes. ### Patches 1.26.0 will have the fix. More patches will be posted as they're available. ### Workarounds Additional security controls like SELinux should prevent any damage a container is able to do with root on the host. Using SELinux is recommended because this class of attack is already possible by manually editing the container's /etc/passwd ### References

Affected Packages

Go github.com/cri-o/cri-o
ECOSYSTEM: ≥0 <1.26.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

References

WEB https://github.com/cri-o/cri-o/security/advisories/GHSA-cm9x-c3rh-7rc4
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-4318
WEB https://github.com/cri-o/cri-o/pull/6450
WEB https://access.redhat.com/errata/RHSA-2023:1033
WEB https://access.redhat.com/errata/RHSA-2023:1503
WEB https://access.redhat.com/security/cve/CVE-2022-4318
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2152703
PACKAGE https://github.com/cri-o/cri-o

Advisory provided by GitHub Security Advisory Database. Published: December 29, 2022, Modified: December 29, 2022

References

https://access.redhat.com/errata/RHSA-2023:1033
https://access.redhat.com/errata/RHSA-2023:1503
https://access.redhat.com/security/cve/CVE-2022-4318
https://bugzilla.redhat.com/show_bug.cgi?id=2152703
Published: 2023-09-25T19:23:02.119Z
Last Modified: 2024-08-03T01:34:50.124Z
Copied to clipboard!