VDB

RHSA-2022%3A6517

RHSA-2022%3A6517 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in the containerd package. Containerd could allow a local authenticated attacker to traverse directories on the system, due to improper restricted permissions on the container root and plugin directories. This issue could allow an attacker to send a specially-crafted request containing "dot dot" sequences (/../) to view directory contents and execute programs.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

VendorProductVersions
Red Hatrhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64 as a component of Red Hat OpenStack Platform 16.2*, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64
Red Hatrhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64
Red Hatrhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64, rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64, rhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64
Red Hatrhosp-rhel8-tech-preview/osp-director-operator@sha256:f60730cb02cea67835ba63c86e0c0d159714a1e6fdc12364680ea59fb816f7bd_amd64 as a component of Red Hat OpenStack Platform 16.2*, *, *
golangGo
Red Hatrhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64 as a component of Red Hat OpenStack Platform 16.2rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64, rhosp-rhel8-tech-preview/osp-director-operator-bundle@sha256:58abd2a556d744489724497ede17fe15bdcf8bfbe526a58754c431e7ace7e7a2_amd64

Timeline

  • Sep 14, 2022 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jun 19, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›