Sensitive Information Disclosure in CRI-O Container Engine by Red Hat
CVE-2022-2995

7.1HIGH

Key Information:

Vendor: Kubernetes
Status: Cri-o
Vendor: CVE Published:; 19 September 2022

What is CVE-2022-2995?

The CRI-O container engine, developed by Red Hat, exhibits vulnerabilities in the handling of supplementary groups that could lead to unauthorized access to sensitive information or potential data manipulation. If an attacker gains direct access to a vulnerable container where supplementary groups dictate access permissions, they may execute arbitrary code within the container environment. This situation underscores the need for strict access controls and regular security assessments to mitigate risks associated with container deployments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cri-o cri-o 1.25.0

References

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-...

x_refsource_MISC

https://github.com/cri-o/cri-o/pull/6159

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Aug 25, 2022

JSON

Kubernetes

What is CVE-2022-2995?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.