Lucene search
RedhatCVELIST:CVE-2022-27652HistoryApr 18, 2022 - 4:20 p.m.
CVE-2022-27652
2022-04-1816:20:29
CWE-276
redhat
www.cve.org
7
flaw
elevation
inheritable capabilities
cri-o
moby
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CNA Affected
[
{
"product": "cri-o",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects all versions."
}
]
}
]Related
github
github
Incorrect Default Permissions in CRI-O
2022-04-22 20:42:46
cve
cve
CVE-2022-27652
2022-04-18 17:15:16
CVE-2022-3466
2023-09-15 14:15:08
osv
osv
Incorrect Default Permissions in CRI-O in github.com/cri-o/cri-o
2024-08-21 15:11:31
CVE-2022-27652
2022-04-18 17:15:16
Incorrect Default Permissions in CRI-O
2022-04-22 20:42:46
veracode
veracode
Insecure Defaults
2022-04-25 08:12:13
prion
prion
Default credentials
2022-04-18 17:15:00
Design/Logic Flaw
2023-09-15 14:15:00
nvd
nvd
CVE-2022-27652
2022-04-18 17:15:16
CVE-2022-3466
2023-09-15 14:15:08
redhatcve
redhatcve
CVE-2022-27652
2022-03-31 20:48:35
CVE-2022-3466
2022-10-13 20:01:19
cvelist
cvelist
CVE-2022-3466 Cri-o: security regression of cve-2022-27652
2023-09-15 13:18:27
vulnrichment
vulnrichment
CVE-2022-3466 Cri-o: security regression of cve-2022-27652
2023-09-15 13:18:27
altlinux
altlinux
Security fix for the ALT Linux 10 package cri-o version 1.26.2-alt1
2023-03-29 00:00:00
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)
2022-05-02 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
2024-01-24 00:00:00
redhat
redhat