Vulnerabilities > Kubernetes > CRI O > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-15 CVE-2022-3466 Incorrect Default Permissions vulnerability in multiple products
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600.
local
low complexity
kubernetes redhat CWE-276
5.3
2022-04-18 CVE-2022-27652 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions.
5.3
2022-02-09 CVE-2022-0532 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier.
network
high complexity
kubernetes redhat CWE-732
4.2
2019-11-25 CVE-2019-14891 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup.
network
high complexity
kubernetes fedoraproject redhat CWE-754
5.0