CVE-2022-3172
Summary
| CVE | CVE-2022-3172 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-11-03 20:15:00 UTC |
| Updated | 2023-12-21 22:15:00 UTC |
| Description | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-3172 Kubernetes Vulnerability in NetApp Products \| NetApp Product Security | | security.netapp.com | |
| [Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) | MISC | groups.google.com | |
| CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) · Issue #112513 · kubernetes/kubernetes · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160120 Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-9856)
- 160121 Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-9855)
- 160127 Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-9853)
- 160128 Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-9854)
- 181090 Debian Security Update for kubernetes (CVE-2022-3172)
- 241070 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2022:7398)
- 241340 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:1655)
- 770172 Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2022:7398)
- 770184 Red Hat OpenShift Container Platform 4.10 Security Update (RHSA-2023:1655)