
6 matches found

OSV
added 2024/08/21 4:3 p.m., 9 views

GO-2022-1206 CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation in github.com/cri-o/cri-o

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation in github.com/cri-o/cri-o...

7.8 CVSS, 6.9 AI score, 0.00042 EPSS
Exploits 0, References 7
Veracode
added 2024/06/06 8:43 a.m., 27 views

Path Traversal

github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to the path of the /etc directory being relative to the base of the container, which could lead to a container escape...

8.1 CVSS, 6.4 AI score, 0.01705 EPSS
Exploits 0, References 10, Affected Software 1
Veracode
added 2022/09/20 6:51 a.m., 30 views

Information Disclosure

github.com/cri-o/cri-o is vulnerable to information disclosure. The vulnerability exists in the setupContainerUser function in containercreate.go due to incorrect handling of the supplementary groups, which allows an attacker to gain permissions and execute binary code via container...

7.1 CVSS, 7.3 AI score, 0.00044 EPSS
Exploits 1, References 5, Affected Software 2
Veracode
added 2022/06/07 10:20 a.m., 25 views

Denial Of Service (DoS)

github.com/cri-o/cri-o is vulnerable to denial of service. The vulnerability exists when the output of the command is large, which exhausts memory and crashes the application...

7.5 CVSS, 7.3 AI score, 0.00464 EPSS
Exploits 1, References 4, Affected Software 3
Veracode
added 2022/03/21 4:29 a.m., 11 views

Privilege Escalation

github.com/cri-o/cri-o is vulnerable to Privilege Escalation when the pod is using a host network or IPC namespace, which allows a malicious user to set sysctls on the host without having access to hostNetwork and hostIPC...

7 AI score
Exploits 0
Veracode
added 2022/02/14 11:26 a.m., 31 views

Validation Bypass

github.com/cri-o/cri-o is vulnerable to Validation Bypass. When an attacker creates a pod with a hostIPC and hostNetwork kernel namespace, the attacker is able to apply sysctls from the list of safe sysctls specified for the cluster resulting in unauthorized access due to insufficient validations...

4.2 CVSS, 2.5 AI score, 0.00185 EPSS
Exploits 0, References 5, Affected Software 2