Vulnerabilities > Kubernetes > CRI O > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-25 | CVE-2022-4318 | Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products A vulnerability was found in cri-o. | 7.8 |
2022-09-19 | CVE-2022-2995 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes Cri-O 1.25.0 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |
2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | 7.5 |
2022-03-16 | CVE-2022-0811 | Code Injection vulnerability in Kubernetes Cri-O A flaw was found in CRI-O in the way it set kernel options for a pod. | 8.8 |
2018-05-18 | CVE-2018-1000400 | Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. | 8.8 |