CVE-2022-3162

Опубликовано: 01 мар. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 6.5

Описание

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/noble	not-affected	code not present
focal	ignored	end of standard support, was needs-triage
jammy	not-affected	code not present
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2022-3162

EPSS

Процентиль: 73%

0.00795

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-3162

CVSS3: 6.5

redhat

около 3 лет назад

CVE-2022-3162

CVSS3: 6.5

nvd

почти 3 года назад

CVE-2022-3162

CVSS3: 6.5

msrc

10 месяцев назад

Описание отсутствует

CVE-2022-3162

CVSS3: 6.5

debian

почти 3 года назад

Users authorized to list or watch one type of namespaced custom resour ...

GHSA-2394-5535-8j88

CVSS3: 6.5

github

почти 3 года назад

Kubernetes vulnerable to path traversal

EPSS

Процентиль: 73%

0.00795

Низкий

6.5 Medium

CVSS3

CVE-2022-3162

Описание

Пакет kubernetes

Ссылки на источники

Связанные уязвимости