Home > Vulnerability Database > CVE-2022-3172

Mend.io Vulnerability Database

CVE-2022-3172

Good to know:

Date: November 3, 2023

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Language: Go

Severity Score

9.8

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2022-3172

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3172

Url: https://github.com/kubernetes/kubernetes/commit/1e1b7eaec3d5943a102d704c674527524b2e091e

Url: https://github.com/kubernetes/kubernetes/issues/112513

Url: https://access.redhat.com/security/cve/cve-2022-3172

Url: https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak

Url: https://security.netapp.com/advisory/ntap-20231221-0005/

Url: https://www.mend.io/vulnerability-database/CVE-2022-3172

Severity Score

9.8

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version v0.25.1,kubernetes-1.22.14,kubernetes-1.23.11,kubernetes-1.24.5,kubernetes-1.25.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3172

Good to know:

Date: November 3, 2023

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?