logo

Database

Improper authorization control for web services In github.com/cri-o/cri-o

Description

Incorrect Permission Assignment for Critical Resource in CRI-O An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-05322. NVD-2022-05323. OSV-2022-05324. GCVE-2022-0532

References

1. https://github.com/cri-o/cri-o/pull/56102. https://bugzilla.redhat.com/show_bug.cgi?id=20517303. https://github.com/cri-o/cri-o/releases/tag/v1.23.14. https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.