CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS2: 3.2 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:L/Au:S/C:P/I:P/A:N

EPSS: 0.0004 Low
Percentile: 7.0%

github.com/cri-o/cri-o is vulnerable to improper access control. The vulnerability exists because of incorrect handling of supplementary groups, which allows local authenticated attackers to access restricted information or possibly modify data without authorization.
CPE

Name | Operator | Version |
---|---|---|
github.com/cri-o/cri-o | le | v1.24.1 |

access.redhat.com/security/cve/cve-2022-2995
bugzilla.redhat.com/show_bug.cgi?id=2121632
github.com/cri-o/cri-o/commit/42b58538426711eeb8a57f841dc3e2d97881f49d
github.com/cri-o/cri-o/pull/6159
github.com/golang/vulndb/issues/1014
www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/