Kubernetes Cri-o
10 CVEs affecting Kubernetes Cri-o. Latest disclosed: 2024-06-12. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-0811 | High | 8.8 | 2022-03-16 | A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses th… |
| CVE-2018-1000400 | High | 8.8 | 2018-05-18 | Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can res… |
| CVE-2024-5154 | High | 8.1 | 2024-06-12 | A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../”). This flaw allows th… |
| CVE-2022-4318 | High | 7.8 | 2023-09-25 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
| CVE-2022-1708 | High | 7.5 | 2022-06-07 | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs co… |
| CVE-2022-2995 | High | 7.1 | 2022-09-19 | Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an… |
| CVE-2022-27652 | Medium | 5.3 | 2022-04-18 | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) wher… |
| CVE-2019-14891 | Medium | 5.0 | 2019-11-25 | A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) pr… |
| CVE-2022-3466 | Medium | 4.8 | 2023-09-15 | The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, r… |
| CVE-2022-0532 | Medium | 4.2 | 2022-02-09 | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will b… |