GCVE - cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kubernetes:cri-o:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Kubernetes (`3ee05930-9e42-51b2-ad52-30832f573b15`)
Product	Cri O (`82cd6a0b-11f3-5c33-b509-4fb83357c63a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/cri-o/cri-o`	purl2cpe	2026-06-01 10:13:27.433297
`pkg:rpm/opensuse/cri-o`	purl2cpe	2026-06-01 10:13:27.433301

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-4318`	vulnerable	2026-06-03 14:48:35.485533	Cri-o: /etc/passwd tampering privesc HIGH (7.8) A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Published: 2023-09-25T19:23:02.119Z Updated: 2024-08-03T01:34:50.124Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3466`	vulnerable	2026-06-03 14:47:58.477029	Cri-o: security regression of cve-2022-27652 MEDIUM (4.8) The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. Published: 2023-09-15T13:18:27.974Z Updated: 2024-08-03T01:14:01.483Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2022:7398 https://access.redhat.com/security/cve/CVE-2022-3466 https://bugzilla.redhat.com/show_bug.cgi?id=2134063	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-27652`	vulnerable	2026-06-03 14:46:53.344355	Details available A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Published: 2022-04-18T16:20:29.000Z Updated: 2024-08-03T05:32:59.921Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2066839 https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.