Уязвимость CVE-2022-3162: Информация

Описание

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

Важность: MEDIUM (6,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-3162
Опубликовано: 1 марта 2023 г.
Изменено: 11 мая 2023 г.
Идентификатор типа ошибки: CWE-22

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
N/A
  • Issue Tracking
  • Vendor Advisory
N/A
  • Mailing List
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20230511-0004/

      1. Конфигурация 1

        cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
        Start including
        1.25.0
        End including
        1.25.3
        cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
        Start including
        1.24.0
        End including
        1.24.7
        cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
        Start including
        1.23.0
        End including
        1.23.13
        cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
        End including
        1.22.15
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Версия: v24.5.3
    Наверх