CVE-2022-2995
HIGH 7.1
EPSS 0.04%
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure in github.com/cri-o/cri-o
Published: 2022/9/20
Modified: 2026/3/3
Description
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure in github.com/cri-o/cri-o
Affected packages (2)
- Go / github.com/cri-o/cri-o: from 0, < 1.25.0
- Go / github.com/cri-o/cri-o: from 0, < 1.25.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
References (6)
- ADVISORY: https://github.com/advisories/GHSA-phjr-8j92-w5v7
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-2995
- PATCH: https://github.com/cri-o/cri-o
- WEB: https://github.com/cri-o/cri-o/commit/db3b399a8d7dabf7f073db73894bee98311d7909
- WEB: https://github.com/cri-o/cri-o/pull/6159
- WEB: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation