CVE-2022-3466

Severity: MEDIUM · EPSS 11.5%
Published: Sep 15, 2023 (2y ago)
Last Modified: Jun 17, 2026 (1w ago)
CVSS 3.1: 5.3 (Medium)

Description

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
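The mechanism named in the description is the execve(2) capability transformation from capabilities(7): the new permitted set is (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding)) | P'(ambient), so a runtime that starts container processes with a non-empty inheritable set lets any binary in the image carrying file inheritable capabilities (setcap '...+i') hand those capabilities to an otherwise unprivileged process. The following is an added example, not code from the advisory or from cri-o: it parses the Cap* lines of /proc/<pid>/status, applies the kernel rule, and reports what a binary with file inheritable caps would gain. The two status texts and the cap_net_raw+i binary are constructed for illustration; the capability numbers are those from <linux/capability.h>.

```python
"""Check a process's capability sets for the CVE-2022-27652 condition that
CVE-2022-3466 reintroduced: a non-empty inheritable set under a container
runtime, which execve(2) turns into permitted capabilities for binaries that
carry file inheritable capabilities. Added example, not cri-o code."""
import re

# Capability numbers from <linux/capability.h>; list index == capability number.
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]


def cap_mask(*names):
    """Bitmask for the named capabilities, e.g. cap_mask("net_raw") == 0x2000."""
    return sum(1 << CAP_NAMES.index(n) for n in names)


def decode(mask):
    """Names of the capabilities set in a bitmask, in capability-number order."""
    return [n for i, n in enumerate(CAP_NAMES) if mask >> i & 1]


def parse_caps(status_text):
    """Extract CapInh/CapPrm/CapEff/CapBnd/CapAmb from /proc/<pid>/status text."""
    pat = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pat, status_text, re.MULTILINE)}


def execve_permitted(p_inh, p_bnd, p_amb, f_inh, f_prm):
    """Permitted set after execve(2), per capabilities(7):
    P'(ambient)   = 0 if the file is privileged (carries file caps) else P(ambient)
    P'(permitted) = (P(inheritable) & F(inheritable))
                  | (F(permitted) & P(bounding)) | P'(ambient)"""
    file_privileged = bool(f_inh or f_prm)
    new_amb = 0 if file_privileged else p_amb
    return (p_inh & f_inh) | (f_prm & p_bnd) | new_amb


def assess(status_text, f_inh):
    """For a process described by status_text, report whether the runtime left
    the inheritable set non-empty and which capabilities execve of a binary
    with file inheritable caps f_inh (and no file permitted caps) would add."""
    c = parse_caps(status_text)
    new_prm = execve_permitted(c["CapInh"], c["CapBnd"], c["CapAmb"], f_inh, 0)
    gained = new_prm & ~c["CapPrm"]
    return {"inheritable_nonempty": c["CapInh"] != 0, "gained": decode(gained)}


# Constructed sample: a non-root (uid 1000) container process started by a
# runtime that copied the default bounding set into the inheritable set.
STATUS_VULNERABLE = (
    "Name:\tsh\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t00000000a80425fb\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n"
    "CapBnd:\t00000000a80425fb\n"
    "CapAmb:\t0000000000000000\n"
)
# Constructed sample: the same process under a runtime with an empty default
# inheritable set (the fixed behaviour).
STATUS_FIXED = STATUS_VULNERABLE.replace(
    "CapInh:\t00000000a80425fb", "CapInh:\t0000000000000000")


if __name__ == "__main__":
    # Assumed: a binary in the image was given 'cap_net_raw+i' with setcap(8).
    file_inh = cap_mask("net_raw")
    for label, text in (("vulnerable", STATUS_VULNERABLE), ("fixed", STATUS_FIXED)):
        print(label, assess(text, file_inh))
    # Live check: run inside the pod; any non-empty CapInh on an unprivileged
    # process means the runtime set inheritable capabilities.
    try:
        with open("/proc/self/status") as fh:
            print("self", assess(fh.read(), file_inh))
    except OSError:
        pass
```

With the vulnerable status the non-root process gains net_raw in its permitted set purely from the file's +i bit; with the fixed status it gains nothing, and a capability outside the bounding set (net_admin here) is never gained even with a file permitted bit, which is the bounding-set term of the rule. The practical field check on a running cluster is the same parse applied to `grep Cap /proc/1/status` run via kubectl exec in a pod that runs as a non-root user: CapInh should read all zeros.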

CVSS Details

Base Score
5.3
Exploitability
1.8
Impact
3.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low

Threat Intelligence

EPSS Exploit Probability
11.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses (1)

CWE-276 (Incorrect Default Permissions)

Affected Products (3)

Vendor      Product                       Version  Range
kubernetes  cri-o                         *        any
redhat      openshift_container_platform  3.11     any
redhat      openshift_container_platform  4.12     any

References (3)

  • access.redhat.com https://access.redhat.com/errata/RHSA-2022:7398
    Vendor Advisory
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2022-3466
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2134063
    Issue Tracking, Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.