Sensitive Information Disclosure in CRI-O Container Engine by Red Hat
CVE-2022-2995
7.1 HIGH
What is CVE-2022-2995?
The CRI-O container engine, developed by Red Hat, mishandles supplementary groups, which could lead to unauthorized access to sensitive information or potential data manipulation. If an attacker gains direct access to a vulnerable container where supplementary groups dictate access permissions, they may execute arbitrary code within the container environment. This situation underscores the need for strict access controls and regular security assessments to mitigate risks associated with container deployments.
Affected Version(s)
cri-o cri-o 1.25.0