Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-cm9x-c3rh-7rc4

GitHub Security Advisory

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry.

Note: because the pod author is in control of the container's /etc/passwd, this is not considered a new risk factor. However, this advisory is being opened for transparency and as a way of tracking fixes.

### Patches
1.26.0 will have the fix. More patches will be posted as they're available.

### Workarounds
Additional security controls like SELinux should prevent any damage a container is able to do with root on the host. Using SELinux is recommended because this class of attack is already possible by manually editing the container's /etc/passwd

### References

Affected Packages

Go github.com/cri-o/cri-o
Affected versions: 0 (fixed in 1.26.0)

Related CVEs

CVE-2022-4318

Key Information

GHSA ID
GHSA-cm9x-c3rh-7rc4
Published
December 29, 2022 1:49 AM
Last Modified
December 29, 2022 1:49 AM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
github.com/cri-o/cri-o
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.