An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jbTl4LWMzcmgtN3JjNM4AAwpl

CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation


It is possible to craft an environment variable with newlines to add entries to a container's /etc/passwd. It is possible to circumvent admission validation of username/UID by adding such an entry.

Note: because the pod author is in control of the container's /etc/passwd, this is not considered a new risk factor. However, this advisory is being opened for transparency and as a way of tracking fixes.


1.26.0 will have the fix. More patches will be posted as they're available.


Additional security controls like SELinux should prevent any damage a container is able to do with root on the host. Using SELinux is recommended because this class of attack is already possible by manually editing the container's /etc/passwd


Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 5 months ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Identifiers: GHSA-cm9x-c3rh-7rc4, CVE-2022-4318

Affected Packages
Versions: < 1.26.0
Fixed in: 1.26.0