CVE-2022-3466

MEDIUM 4.8

Cri-o: security regression of cve-2022-27652

CVSS Score

4.8

EPSS Score

0.0%

EPSS Percentile

0th

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

CWE	CWE-276
Vendor	red hat
Product	red hat openshift container platform 4.12
Published	Sep 15, 2023
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for red hat red hat openshift container platform 4.12

Be the first to know when new medium vulnerabilities affecting red hat red hat openshift container platform 4.12 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

Red Hat / Red Hat OpenShift Container Platform 4.12

All versions affected

Red Hat / Red Hat OpenShift Container Platform 3.11

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/errata/RHSA-2022:7398 access.redhat.com: https://access.redhat.com/security/cve/CVE-2022-3466 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2134063