Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-3172

Опубликовано: 16 сент. 2022
Источник: redhat
CVSS3: 5.1
EPSS Низкий

Описание

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11atomic-openshiftOut of support scope
Red Hat OpenShift Container Platform 4openshift4/ose-openshift-apiserver-rhel9Not affected
Red Hat OpenShift Container Platform 4openshift4/ose-testsWill not fix
Red Hat Openshift Container Storage 4ocs4/ocs-rhel8-operatorOut of support scope
Red Hat OpenShift Container Platform 4.10openshiftFixedRHSA-2023:165512.04.2023
Red Hat OpenShift Container Platform 4.11openshiftFixedRHBA-2022:720002.11.2022
Red Hat OpenShift Container Platform 4.12openshiftFixedRHSA-2022:739817.01.2023
RHODF-4.12-RHEL-8odf4/ocs-rhel8-operatorFixedRHSA-2023:360914.06.2023
RHODF-4.12-RHEL-8odf4/odf-rhel8-operatorFixedRHSA-2023:360914.06.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-918
https://bugzilla.redhat.com/show_bug.cgi?id=2127804kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)

EPSS

Процентиль: 88%
0.04024
Низкий

5.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-3172

CVSS3: 5.1
ubuntu
почти 2 года назад

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

nvd логотип

CVE-2022-3172

CVSS3: 5.1
nvd
почти 2 года назад

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

debian логотип

CVE-2022-3172

CVSS3: 5.1
debian
почти 2 года назад

A security issue was discovered in kube-apiserver that allows an aggr ...

oracle-oval логотип

ELSA-2022-9856

oracle-oval
почти 3 года назад

ELSA-2022-9856: kubernetes security update (IMPORTANT)

oracle-oval логотип

ELSA-2022-9855

oracle-oval
почти 3 года назад

ELSA-2022-9855: kubernetes security update (IMPORTANT)

EPSS

Процентиль: 88%
0.04024
Низкий

5.1 Medium

CVSS3