passwd injection
About this tag
The tag passwd injection on WindowsForum.com covers security vulnerabilities where attackers manipulate the /etc/passwd file through injection techniques. A key example is CVE-2022-4318, a newline injection flaw in the CRI-O container runtime that allows crafted environment variables to inject arbitrary lines into a container's /etc/passwd, bypassing admission validation and potentially leading to privilege escalation in Kubernetes clusters. This tag includes discussions on container security, runtime hardening, and patching strategies for platforms like OpenShift. The content is relevant for IT professionals managing containerized environments and seeking to understand passwd injection risks and mitigations.
A quietly serious flaw in the CRI‑O container runtime — tracked as CVE‑2022‑4318 — lets a crafted environment variable inject arbitrary lines into a container’s /etc/passwd, enabling admission‑validation bypasses and, in specific cluster configurations, a path to privilege escalation; the bug...