A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HFedora Project Extra Packages For Enterprise Linux
APPFedoraproject8.0Fedora Project Fedora
OSFedoraproject3637Kubernetes Cri O
APPKuberneteswszystkie wersjeRed Hat Enterprise Linux
OSRedhat8.09.0Red Hat Openshift Container Platform For Arm64
APPRedhat4.114.12Red Hat Openshift Container Platform For Linuxone
APPRedhat4.114.12Red Hat Openshift Container Platform For Power
APPRedhat4.114.12Red Hat Openshift Container Platform IBM Z Systems
APPRedhat4.114.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
CVE-2024-4947CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
CVE-2024-4671CRITICAL9.6⚠ KEVPL ✓ten sam produkt
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox