CVE-2022-3466 Information

Sep 21, 2023 cve

Description

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48 4.10.31 and 4.11.6 via RHBA-2022:6316 RHBA-2022:6257 and RHBA-2022:6658 respectively included an incorrect version of cri-o missing the fix for CVE-2022-27652 which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details see https://access.redhat.com/security/cve/CVE-2022-27652.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://access.redhat.com/errata/RHSA-2022:7398 https://access.redhat.com/security/cve/CVE-2022-3466 https://bugzilla.redhat.com/show_bug.cgi?id=2134063

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

5.3

Share on: