CVE-2022-2995
HIGH7.1EPSS 0.04%CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure in github.com/cri-o/cri-o
Published: 9/20/2022Modified: 3/3/2026
Description
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure in github.com/cri-o/cri-o
Affected packages (2)
- Go/github.com/cri-o/cri-ofrom 0, < 1.25.0
- Go/github.com/cri-o/cri-ofrom 0, < 1.25.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
References (6)
- ADVISORYhttps://github.com/advisories/GHSA-phjr-8j92-w5v7
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2995
- PATCHhttps://github.com/cri-o/cri-o
- WEBhttps://github.com/cri-o/cri-o/commit/db3b399a8d7dabf7f073db73894bee98311d7909
- WEBhttps://github.com/cri-o/cri-o/pull/6159
- WEBhttps://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation