CVE-2022-2995 — Vulnetix

CVE-2022-2995 PUBLISHED

Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund einer fehlerhaften Behandlung der zusätzlichen Gruppen in der CRI-O Container-Engine. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben oder möglicherweise Daten zu verändern. Außerdem kann die Schwachstelle für Angriffe zur Codeausführung aus der Ferne genutzt werden.

EPSS 0.04% · 13.9th percentile

Risk Scores

EPSS Score

0.04%

13.9th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat OpenShift Container Platform <4.11.43
Red Hat	Red Hat OpenShift Container Platform 4.13
Red Hat	Red Hat OpenShift
Red Hat	Red Hat OpenShift Container Platform 4.10
Oracle	Oracle Linux
Red Hat	Red Hat OpenShift Container Platform <4.11.44
Red Hat	Red Hat OpenShift Container Platform 4.12
Red Hat	Red Hat OpenShift Container Platform 4.11
Red Hat	Red Hat OpenShift Developer Tools and Services 4.11
Red Hat	Red Hat Enterprise Linux
Red Hat	Red Hat OpenShift Virtualization 4.13
Red Hat	Red Hat OpenShift Container Platform 4

Exploit Intelligence

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/ (nist-nvd)
glcve_test.go (github-poc)
glcve_test.go (github-poc)
glcve_test.go (github-poc)
glcve_test.go (github-poc)
glcve_test.go (github-poc)
glcve_test.go (github-poc)

Timeline

Sep 19, 2022 CVE Published
Sep 20, 2022 EPSS Score
Nov 4, 2022 EPSS Score
Dec 19, 2022 EPSS Score
Feb 1, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 18, 2023 EPSS Score
May 2, 2023 EPSS Score
Jun 16, 2023 EPSS Score
Jul 30, 2023 EPSS Score
Sep 13, 2023 EPSS Score
Oct 28, 2023 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0111.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0111 advisory
https://access.redhat.com/errata/RHSA-2022:7398 advisory
https://access.redhat.com/errata/RHSA-2022:7399 advisory
https://access.redhat.com/errata/RHSA-2023:0264 advisory
https://linux.oracle.com/errata/ELSA-2023-0328.html advisory
https://access.redhat.com/errata/RHSA-2023:0328 advisory
https://access.redhat.com/errata/RHSA-2023:0445 advisory
https://access.redhat.com/errata/RHSA-2023:0446 advisory
http://linux.oracle.com/errata/ELSA-2023-0446.html advisory
https://access.redhat.com/errata/RHSA-2023:0569 advisory
https://access.redhat.com/errata/RHSA-2023:0570 advisory
https://access.redhat.com/errata/RHSA-2023:0631 advisory
https://access.redhat.com/errata/RHSA-2023:0709 advisory
https://access.redhat.com/errata/RHSA-2023:0708 advisory
https://access.redhat.com/errata/RHSA-2023:0727 advisory
https://access.redhat.com/errata/RHSA-2023:0769 advisory
https://access.redhat.com/errata/RHSA-2023:0774 advisory
https://access.redhat.com/errata/RHSA-2023:1042 advisory
https://access.redhat.com/errata/RHSA-2023:1174 advisory

…and 13 more

Open in Interactive Console →