Home > Vulnerability Database > CVE-2022-2995

Mend.io Vulnerability Database

CVE-2022-2995

Good to know:

Date: September 19, 2022

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Language: Go

Severity Score

7.1

Related Resources (7)

Url: https://github.com/cri-o/cri-o/commit/db3b399a8d7dabf7f073db73894bee98311d7909

Url: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

Url: https://github.com/cri-o/cri-o/pull/6159

Url: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

Url: https://github.com/cri-o/cri-o

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2995

Url: https://www.mend.io/vulnerability-database/CVE-2022-2995

Severity Score

7.1

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version v1.25.0

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2995

Good to know:

Date: September 19, 2022

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?