GO-2022-1014 CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure in github.com/cri-o/cri-o

🗓️ 21 Aug 2024 16:03:24Reported by GoogleType

osv

osv🔗 osv.dev👁 12 Views

CRI-O supplementary groups vulnerability in githu

Reporter	Title	Published	Views	Family All 49
ALT Linux	Security fix for the ALT Linux 10 package cri-o version 1.26.2-alt1	29 Mar 202300:00	–	altlinux
BDU FSTEC	The vulnerability of the CRI-O Container Engine’s application programming interface allows a attacker to disclose confidential information or alter arbitrary data.	1 Apr 202400:00	–	bdu_fstec
CBLMariner	CVE-2022-2995 affecting package cri-o for versions less than 1.21.7-2	30 Apr 202401:31	–	cbl_mariner
Circl	CVE-2022-2995	20 Sep 202200:38	–	circl
CNNVD	CRI-O 安全漏洞	25 Aug 202200:00	–	cnnvd
CVE	CVE-2022-2995	19 Sep 202219:53	–	cve
Cvelist	CVE-2022-2995	19 Sep 202219:53	–	cvelist
EUVD	EUVD-2022-6897	3 Oct 202520:07	–	euvd
Github Security Blog	CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure	20 Sep 202200:00	–	github
Microsoft CVE	Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.	15 Apr 202407:00	–	mscve

Source	Link
github	www.github.com/advisories/GHSA-phjr-8j92-w5v7
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-2995
github	www.github.com/cri-o/cri-o/commit/db3b399a8d7dabf7f073db73894bee98311d7909
github	www.github.com/cri-o/cri-o/pull/6159
benthamsgaze	www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

03 Mar 2026 04:52Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.17.1

EPSS0.00044

SSVC

cri-o supplementary groups vulnerability github