CVE-2022-3962
Summary
| CVE | CVE-2022-3962 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-23 20:15:00 UTC |
| Updated | 2023-11-07 03:52:00 UTC |
| Description | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kiali | Kiali | - | All | All | All |
| Operating System | Red Hat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Red Hat | Enterprise Linux For IBM Z Systems | 8.0 | All | All | All |
| Operating System | Red Hat | Enterprise Linux For Power Little Endian EUS | 8.0 | All | All | All |
| Application | Red Hat | OpenShift Service Mesh | 2.3.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2148661 – (CVE-2022-3962) CVE-2022-3962 kiali: error message spoofing in kiali UI | MISC | bugzilla.redhat.com | |
| cve-details | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995398 GO (Go) Security Update for github.com/kiali/kiali (GHSA-6f4m-j56w-55c3)