Vulnerability CVE-2022-3172: Information

Description

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Severity: HIGH (8.2) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-3172

Published: Nov. 3, 2023

Modified: Dec. 22, 2023

Error type identifier: CWE-918

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/kubernetes/kubernetes/issues/112513	Issue Tracking Vendor Advisory
https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak	Mailing List
https://security.netapp.com/advisory/ntap-20231221-0005/

Affected configurations:
1. Configuration 1
  cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*
  End including
  1.21.14
  cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*
  Start including
  1.22.0
  End excliding
  1.22.14
  cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*
  Start including
  1.23.0
  End excliding
  1.23.11
  cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*
  Start including
  1.24.0
  End excliding
  1.24.5
  cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2022-3172: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1