CVE-2022-3172

CVSS v3.1 8.2 (High)
EPSS 0.06 % (28th)
Affected Products 1
Advisories 4

A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client's API server credentials to third parties.

Weaknesses: CWE-918, Server-Side Request Forgery (SSRF)
CVE Status: PUBLISHED
CNA: Kubernetes
Published Date: 2023-11-03 20:15:08 (10 months ago)
Updated Date: 2023-12-21 22:15:08 (9 months ago)

Affected Products


Configuration #1

  Product                                                                CPE23                                  From       Up To
  Kubernetes Apiserver 1.21.14 and prior versions                        cpe:2.3:a:kubernetes:apiserver         -          <= 1.21.14
  Kubernetes Apiserver from version 1.22.0 and prior to version 1.22.14  cpe:2.3:a:kubernetes:apiserver         >= 1.22.0  < 1.22.14
  Kubernetes Apiserver from version 1.23.0 and prior to version 1.23.11  cpe:2.3:a:kubernetes:apiserver         >= 1.23.0  < 1.23.11
  Kubernetes Apiserver from version 1.24.0 and prior to version 1.24.5   cpe:2.3:a:kubernetes:apiserver         >= 1.24.0  < 1.24.5
  Kubernetes Apiserver 1.25.0                                            cpe:2.3:a:kubernetes:apiserver:1.25.0  -          -