Vulnerability Details CVE-2022-3172
A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client's API server credentials to third parties.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.3%
CVSS Severity
CVSS v3 Score 5.1
References
- https://github.com/kubernetes/kubernetes/issues/112513
- https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak
- https://security.netapp.com/advisory/ntap-20231221-0005/
- https://github.com/kubernetes/kubernetes/issues/112513
- https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak
- https://security.netapp.com/advisory/ntap-20231221-0005/
Products affected by CVE-2022-3172
-
cpe:2.3:a:kubernetes:apiserver:-
-
cpe:2.3:a:kubernetes:apiserver:1.21.14
-
cpe:2.3:a:kubernetes:apiserver:1.22.0
-
cpe:2.3:a:kubernetes:apiserver:1.22.13
-
cpe:2.3:a:kubernetes:apiserver:1.23.0
-
cpe:2.3:a:kubernetes:apiserver:1.23.10
-
cpe:2.3:a:kubernetes:apiserver:1.24.0
-
cpe:2.3:a:kubernetes:apiserver:1.24.4
-
cpe:2.3:a:kubernetes:apiserver:1.25.0