Vulnerabilities > Kubernetes > CRI O > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2022-3466 | Incorrect Default Permissions vulnerability in multiple products The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. | 5.3 |
| 2022-04-18 | CVE-2022-27652 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. | 4.6 |
| 2022-02-09 | CVE-2022-0532 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. | 4.9 |
| 2019-11-25 | CVE-2019-14891 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. | 6.0 |
| 2018-05-18 | CVE-2018-1000400 | Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. | 6.5 |