2 matches found
CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env
A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...
PT-2022-7296 · Cri-O +2 · Cri-O +2
Name of the Vulnerable Software and Affected Versions: cri-o versions prior to 1.26.0 Description: A vulnerability was found in cri-o, allowing the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. This issue may allow an attacker to impact the...