Known Vulnerabilities for Cri-o by Kubernetes
Listed below are 9 of the newest known vulnerabilities associated with "Cri-o" by "Kubernetes".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-27652 json | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was ... | 5.3 - MEDIUM | 2022-04-18 | 2022-04-27 |
| CVE-2022-4318 json | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially ... | 7.8 - HIGH | 2023-09-25 | 2023-11-07 |
| CVE-2022-3466 json | The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHB... | 5.3 - MEDIUM | 2023-09-15 | 2023-11-07 |
| CVE-2022-2995 json | Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure o... | 7.1 - HIGH | 2022-09-19 | 2022-09-21 |
| CVE-2022-1708 json | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube... | 7.5 - HIGH | 2022-06-07 | 2023-07-24 |
| CVE-2022-0811 json | A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on... | 8.8 - HIGH | 2022-03-16 | 2022-03-28 |
| CVE-2022-0532 json | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctl... | 4.2 - MEDIUM | 2022-02-09 | 2022-02-22 |
| CVE-2019-14891 json | A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result i... | 5 - MEDIUM | 2019-11-25 | 2020-02-28 |
| CVE-2018-1000400 json | Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of... | 8.8 - HIGH | 2018-05-18 | 2019-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kubernetes | Cri-o | 1.9.9 | |||
| Application | Kubernetes | Cri-o | 1.9.8 | |||
| Application | Kubernetes | Cri-o | 1.9.7 | |||
| Application | Kubernetes | Cri-o | 1.9.6 | |||
| Application | Kubernetes | Cri-o | 1.9.5 | |||
| Application | Kubernetes | Cri-o | 1.9.4 | |||
| Application | Kubernetes | Cri-o | 1.9.3 | |||
| Application | Kubernetes | Cri-o | 1.9.2 | |||
| Application | Kubernetes | Cri-o | 1.9.16 | |||
| Application | Kubernetes | Cri-o | 1.9.15 | |||
| Application | Kubernetes | Cri-o | 1.9.14 | |||
| Application | Kubernetes | Cri-o | 1.9.13 | |||
| Application | Kubernetes | Cri-o | 1.9.12 | |||
| Application | Kubernetes | Cri-o | 1.9.11 | |||
| Application | Kubernetes | Cri-o | 1.9.10 | |||
| Application | Kubernetes | Cri-o | 1.9.1 | |||
| Application | Kubernetes | Cri-o | 1.9.0 | |||
| Application | Kubernetes | Cri-o | 1.9.0 | |||
| Application | Kubernetes | Cri-o | 1.9.0 | |||
| Application | Kubernetes | Cri-o | 1.8.5 |