Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-3172

Date: November 3, 2023

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Language: Go

Severity Score

Related Resources (8)

https://security-tracker.debian.org/tracker/CVE-2022-3172
https://nvd.nist.gov/vuln/detail/CVE-2022-3172
https://github.com/kubernetes/kubernetes/commit/1e1b7eaec3d5943a102d704c674527524b2e091e
https://github.com/kubernetes/kubernetes/issues/112513
https://access.redhat.com/security/cve/cve-2022-3172
https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak
https://security.netapp.com/advisory/ntap-20231221-0005/
https://www.mend.io/vulnerability-database/CVE-2022-3172

Severity Score

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us