CVE-2022-3466— Cri-o: security regression of cve-2022-27652
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-3466
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cri-o: security regression of cve-2022-27652
Source: NVD (National Vulnerability Database)
Vulnerability Description
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
CRI-O 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CRI-O是一款用于Kubernetes系统的轻量级容器运行时环境。 CRI-O 存在安全漏洞,该漏洞源于其允许具有可继承文件功能的程序访问权的攻击者在运行execve(2)时将这些功能提升到允许的集合。以下版本受到影响:基于Red Hat OpenShift Container Platform 4.9.48版本、4.10.31版本和4.11.6版本的cri-o。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.12 | 0:1.25.1-5.rhaos4.12.git6005903.el9 ~ * | cpe:/a:redhat:openshift:4.12::el8 | |
| Red Hat | Red Hat OpenShift Container Platform 3.11 | - | cpe:/a:redhat:openshift:3.11 |
II. Public POCs for CVE-2022-3466
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-3466
请登录查看更多情报信息。
Same Patch Batch · Red Hat · 2023-09-15 · 3 CVEs total
| CVE-2023-0923 | 8.8 HIGH | Odh-notebook-controller-container: missing authorization allows for file contents disclosu |
| CVE-2023-4959 | 6.5 MEDIUM | Quay: cross-site request forgery (csrf) on config-editor page |
IV. Related Vulnerabilities
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
Same weakness: CWE-276
- CVE-2026-0539
Local Privilege Escalation in pcvisit service client - CVE-2026-6823
HKUDS OpenHarness Insecure Default Remote Channel Allowlist - CVE-2026-6819
HKUDS OpenHarness Plugin Management Command Exposure - CVE-2026-39454
SKYSEA Client View 安全漏洞 - CVE-2026-30811
Missing Authorization in Configuration Ajax Endpoint leads t
V. Comments for CVE-2022-3466
No comments yet