{"api_version":"1","generated_at":"2026-04-23T02:37:12+00:00","cve":"CVE-2022-3162","urls":{"html":"https://cve.report/CVE-2022-3162","api":"https://cve.report/api/cve/CVE-2022-3162.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3162","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3162"},"summary":{"title":"CVE-2022-3162","description":"Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.","state":"PUBLIC","assigner":"security@kubernetes.io","published_at":"2023-03-01 19:15:00","updated_at":"2023-05-11 15:15:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20230511-0004/","name":"https://security.netapp.com/advisory/ntap-20230511-0004/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-3162 Kubernetes Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA","name":"N/A","refsource":"MLIST","tags":[],"title":"[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/kubernetes/kubernetes/issues/113756","name":"N/A","refsource":"CONFIRM","tags":[],"title":"CVE-2022-3162: Unauthorized read of Custom Resources · Issue #113756 · kubernetes/kubernetes · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3162","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3162","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Richard Turnbull of NCC Group","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"3162","vulnerable":"1","versionEndIncluding":"1.22.15","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kubernetes","cpe5":"kubernetes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3162","vulnerable":"1","versionEndIncluding":"1.23.13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kubernetes","cpe5":"kubernetes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3162","vulnerable":"1","versionEndIncluding":"1.24.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kubernetes","cpe5":"kubernetes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3162","vulnerable":"1","versionEndIncluding":"1.25.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kubernetes","cpe5":"kubernetes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-3162","qid":"160338","title":"Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-10034)"},{"cve":"CVE-2022-3162","qid":"160339","title":"Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-10035)"},{"cve":"CVE-2022-3162","qid":"160340","title":"Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-10033)"},{"cve":"CVE-2022-3162","qid":"160341","title":"Oracle Enterprise Linux Security Update for kubernetes (ELSA-2022-10036)"},{"cve":"CVE-2022-3162","qid":"181205","title":"Debian Security Update for kubernetes (CVE-2022-3162)"},{"cve":"CVE-2022-3162","qid":"241070","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2022:7398)"},{"cve":"CVE-2022-3162","qid":"241196","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:0772)"},{"cve":"CVE-2022-3162","qid":"283329","title":"Fedora Security Update for kubernetes (FEDORA-2022-2004702d98)"},{"cve":"CVE-2022-3162","qid":"283408","title":"Fedora Security Update for kubernetes (FEDORA-2022-8647729ff8)"},{"cve":"CVE-2022-3162","qid":"377844","title":"Kubernetes Unauthorized Read of Custom Resources Vulnerability"},{"cve":"CVE-2022-3162","qid":"754042","title":"SUSE Enterprise Linux Security Update for kubernetes1.23 (SUSE-SU-2023:2292-1)"},{"cve":"CVE-2022-3162","qid":"770172","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2022:7398)"},{"cve":"CVE-2022-3162","qid":"770177","title":"Red Hat OpenShift Container Platform 4.12 Security Update (RHSA-2023:0772)"},{"cve":"CVE-2022-3162","qid":"905698","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kube-vip-cloud-provider (13782)"},{"cve":"CVE-2022-3162","qid":"905699","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for keda (13781)"},{"cve":"CVE-2022-3162","qid":"905700","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rook (13783)"},{"cve":"CVE-2022-3162","qid":"905702","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cert-manager (13780)"},{"cve":"CVE-2022-3162","qid":"906939","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cert-manager (13780-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@kubernetes.io","DATE_PUBLIC":"2022-11-10T17:14:00.000Z","ID":"CVE-2022-3162","STATE":"PUBLIC","TITLE":"Unauthorized read of Custom Resources"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Kubernetes","version":{"version_data":[{"version_affected":"<=","version_value":"v1.25.3"},{"version_affected":"<=","version_value":"v1.24.7"},{"version_affected":"<=","version_value":"v1.23.13"},{"version_affected":"<=","version_value":"v1.22.15"}]}}]},"vendor_name":"Kubernetes"}]}},"credit":[{"lang":"eng","value":"Richard Turnbull of NCC Group"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-23 Relative Path Traversal"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA","name":"https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"},{"refsource":"MISC","url":"https://github.com/kubernetes/kubernetes/issues/113756","name":"https://github.com/kubernetes/kubernetes/issues/113756"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230511-0004/","url":"https://security.netapp.com/advisory/ntap-20230511-0004/"}]},"source":{"defect":["https://github.com/kubernetes/kubernetes/issues/113756"],"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2023-03-01 19:15:00","lastModifiedDate":"2023-05-11 15:15:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*","versionStartIncluding":"1.25.0","versionEndIncluding":"1.25.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*","versionStartIncluding":"1.24.0","versionEndIncluding":"1.24.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*","versionStartIncluding":"1.23.0","versionEndIncluding":"1.23.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*","versionEndIncluding":"1.22.15","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}