-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/cri-o/cri-o: CVE-2022-2995 #1014
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
neild
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Sep 20, 2022
Change https://go.dev/cl/432173 mentions this issue: |
Change https://go.dev/cl/592774 mentions this issue: |
Change https://go.dev/cl/607230 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-0985.yaml - data/reports/GO-2022-0986.yaml - data/reports/GO-2022-0987.yaml - data/reports/GO-2022-0989.yaml - data/reports/GO-2022-0995.yaml - data/reports/GO-2022-1000.yaml - data/reports/GO-2022-1006.yaml - data/reports/GO-2022-1014.yaml - data/reports/GO-2022-1015.yaml - data/reports/GO-2022-1019.yaml - data/reports/GO-2022-1021.yaml - data/reports/GO-2022-1023.yaml - data/reports/GO-2022-1029.yaml - data/reports/GO-2022-1032.yaml - data/reports/GO-2022-1033.yaml - data/reports/GO-2022-1060.yaml - data/reports/GO-2022-1062.yaml - data/reports/GO-2022-1065.yaml - data/reports/GO-2022-1066.yaml - data/reports/GO-2022-1067.yaml Updates #985 Updates #986 Updates #987 Updates #989 Updates #995 Updates #1000 Updates #1006 Updates #1014 Updates #1015 Updates #1019 Updates #1021 Updates #1023 Updates #1029 Updates #1032 Updates #1033 Updates #1060 Updates #1062 Updates #1065 Updates #1066 Updates #1067 Change-Id: I27b6f79e1898a13040a758a71348464c5e7c72a9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607230 Auto-Submit: Tatiana Bradley <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> Commit-Queue: Tatiana Bradley <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2022-2995 references github.com/cri-o/cri-o, which may be a Go module.
Description:
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
References:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: