CVE-2022-2995 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-2995 Interim 1 6 2025-05-31T23:14:18Z current 2022-08-26T23:40:05Z 2025-05-31T23:14:18Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-2995 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 cri-o cri-o-kubeadm-criconfig cri-o as a component of SUSE CaaS Platform 4.0 cri-o-kubeadm-criconfig as a component of SUSE CaaS Platform 4.0 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. CVE-2022-2995 SUSE CaaS Platform 4.0:cri-o SUSE CaaS Platform 4.0:cri-o-kubeadm-criconfig moderate 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N