Sign In

CVE-2022-2995

ADVISORY - github

Summary

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

EPSS Score: 0.00032 (0.089)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-284

Improper Access Control

CWE-732

Incorrect Permission Assignment for Critical Resource

ADVISORY - github

CWE-284

Improper Access Control

CWE-732

Incorrect Permission Assignment for Critical Resource

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-863

Incorrect Authorization

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-284

Improper Access Control

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2022-2995
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-284CWE-732

CVSS SCORE

7.1high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-phjr-8j92-w5v7
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-284CWE-732

CVSS SCORE

7.1high

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2022-2995
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.1medium

GoLang

CREATED

UPDATED

ADVISORY IDGO-2022-1008
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GoLang

CREATED

UPDATED

ADVISORY IDGO-2022-1014
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GoLang

CREATED

UPDATED

ADVISORY IDGO-2023-1574
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2022-2995

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-732CWE-78CWE-937

CVSS SCORE

7.1high

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2023-25173

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-863CWE-937

CVSS SCORE

7.8high

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2022-2995
EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-284

CVSS SCORE

3.6low

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2022-2995
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY