Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3162

Опубликовано: 10 нояб. 2022
Источник: redhat
CVSS3: 6.5

Описание

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11atomic-openshiftOut of support scope
Red Hat OpenShift Container Platform 4openshift4/ose-testsWill not fix
Red Hat OpenShift Container Platform 4.12openshiftFixedRHSA-2022:739817.01.2023
Red Hat OpenShift Container Platform 4.12microshiftFixedRHSA-2023:077220.02.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2136673kubernetes: Unauthorized read of Custom Resources

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3162

CVSS3: 6.5
ubuntu
больше 2 лет назад

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

nvd логотип

CVE-2022-3162

CVSS3: 6.5
nvd
больше 2 лет назад

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

msrc логотип

CVE-2022-3162

CVSS3: 6.5
msrc
4 месяца назад

Описание отсутствует

debian логотип

CVE-2022-3162

CVSS3: 6.5
debian
больше 2 лет назад

Users authorized to list or watch one type of namespaced custom resour ...

github логотип

GHSA-2394-5535-8j88

CVSS3: 6.5
github
больше 2 лет назад

Kubernetes vulnerable to path traversal

6.5 Medium

CVSS3