Skip to main content

Cri O

7 CVEs product

Monthly

CVE-2024-5154 Go HIGH PATCH This Week

A flaw was found in cri-o. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cri O Openshift Container Platform
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-2995 Go HIGH POC PATCH This Week

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Information Disclosure Cri O
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-1708 Go HIGH POC PATCH This Week

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cri O Fedora Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-27652 Go MEDIUM PATCH This Month

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Cri O Fedora Moby +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-0811 Go HIGH PATCH This Week

A flaw was found in CRI-O in the way it set kernel options for a pod. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Code Injection Cri O
NVD GitHub
CVSS 3.1
8.8
EPSS
18.6%
CVE-2019-14891 MEDIUM This Month

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cri O Fedora Openshift Container Platform
NVD
CVSS 3.1
5.0
EPSS
0.7%
CVE-2018-1000400 HIGH PATCH This Week

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Cri O
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A flaw was found in cri-o. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cri O Openshift Container Platform
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Information Disclosure Cri O
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cri O Fedora +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Cri O +3
NVD GitHub
EPSS 19% CVSS 8.8
HIGH PATCH This Week

A flaw was found in CRI-O in the way it set kernel options for a pod. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Code Injection +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cri O Fedora +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Cri O
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy