CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/112513	Issue Tracking Vendor Advisory
https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak	Mailing List
https://security.netapp.com/advisory/ntap-20231221-0005/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver:1.25.0:::::::*

History

No history.

Information

Published : 2023-11-03 20:15

Updated : 2023-12-21 22:15

NVD link : CVE-2022-3172

Mitre link : CVE-2022-3172

CVE.ORG link : CVE-2022-3172

JSON object : View

Products Affected

kubernetes

apiserver

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2022-3172", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "jordan@liggitt.net", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.0}]}, "published": "2023-11-03T20:15:08.550", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/112513", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak", "tags": ["Mailing List"], "source": "jordan@liggitt.net"}, {"url": "https://security.netapp.com/advisory/ntap-20231221-0005/", "source": "jordan@liggitt.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "jordan@liggitt.net", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n"}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en kube-apiserver que permite que un servidor API agregado redirija el tr\u00e1fico del cliente a cualquier URL. Esto podr\u00eda llevar a que el cliente realice acciones inesperadas, as\u00ed como a que reenv\u00ede las credenciales del servidor API del cliente a terceros."}], "lastModified": "2023-12-21T22:15:08.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D740494E-6332-4421-BE43-C0CEB179CBA6", "versionEndIncluding": "1.21.14"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57CC215D-A8DA-4D7F-8FF6-A1FC8451DEDD", "versionEndExcluding": "1.22.14", "versionStartIncluding": "1.22.0"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E67C91E-260F-4C6B-BEE1-44B9C7F29C35", "versionEndExcluding": "1.23.11", "versionStartIncluding": "1.23.0"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2847AF-B9A8-40FF-AED5-0BBAEF012BA9", "versionEndExcluding": "1.24.5", "versionStartIncluding": "1.24.0"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A049EC76-7250-484F-99AE-BBF05EA04225"}], "operator": "OR"}]}], "sourceIdentifier": "jordan@liggitt.net"}