vulnerability
Red Hat OpenShift: CVE-2022-3466: cri-o: Security regression of
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:P/I:P/A:P) | Jan 18, 2023 | Jan 18, 2023 | Aug 11, 2025 |
Severity
4
CVSS
(AV:L/AC:M/Au:S/C:P/I:P/A:P)
Published
Jan 18, 2023
Added
Jan 18, 2023
Modified
Aug 11, 2025
Description
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
Solution
linuxrpm-upgrade-cri-o
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.