An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1waGpyLThqOTItdzV2N84AAu6n

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 8 months ago

CVSS Score: 7.1
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Identifiers: GHSA-phjr-8j92-w5v7, CVE-2022-2995

Affected Packages
Versions: < 1.25.0
Fixed in: 1.25.0