Cri O Kubernetes Cri O

Do you want an email whenever new security vulnerabilities are reported in Kubernetes Cri O?

By the Year

In 2022 there have been 0 vulnerabilities in Kubernetes Cri O . Cri O did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 5.00
2018 1 8.80

It may take a day or so for new Cri O vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Kubernetes Cri O Security Vulnerabilities

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup

CVE-2019-14891 5 - Medium - November 25, 2019

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

Improper Check for Unusual or Exceptional Conditions

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities

CVE-2018-1000400 8.8 - High - May 18, 2018

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.

Improper Privilege Management

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Kubernetes Cri O or by Kubernetes? Click the Watch button to subscribe.

Kubernetes
Vendor

subscribe