CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/112513	Issue Tracking Vendor Advisory
https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak	Mailing List
https://security.netapp.com/advisory/ntap-20231221-0005/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver::::::::
	cpe:2.3:a:kubernetes:apiserver:1.25.0:::::::*

History

21 Dec 2023, 22:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20231221-0005/ -

14 Nov 2023, 16:26

Type	Values Removed	Values Added
First Time		Kubernetes Kubernetes apiserver
CPE		cpe:2.3:a:kubernetes:apiserver:1.25.0:::::::* cpe:2.3:a:kubernetes:apiserver::::::::
CWE		CWE-918
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.2
References	~~(MISC) https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak -~~	(MISC) https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak - Mailing List
References	~~(MISC) https://github.com/kubernetes/kubernetes/issues/112513 -~~	(MISC) https://github.com/kubernetes/kubernetes/issues/112513 - Issue Tracking, Vendor Advisory

03 Nov 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-03 20:15

Updated : 2023-12-21 22:15

NVD link : CVE-2022-3172

Mitre link : CVE-2022-3172

CVE.ORG link : CVE-2022-3172

JSON object : View

Products Affected

kubernetes

apiserver

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2022-3172", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "jordan@liggitt.net", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.0}]}, "published": "2023-11-03T20:15:08.550", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/112513", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak", "tags": ["Mailing List"], "source": "jordan@liggitt.net"}, {"url": "https://security.netapp.com/advisory/ntap-20231221-0005/", "source": "jordan@liggitt.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "jordan@liggitt.net", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL. This could\n lead to the client performing unexpected actions as well as forwarding \nthe client's API server credentials to third parties.\n"}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en kube-apiserver que permite que un servidor API agregado redirija el tr\u00e1fico del cliente a cualquier URL. Esto podr\u00eda llevar a que el cliente realice acciones inesperadas, as\u00ed como a que reenv\u00ede las credenciales del servidor API del cliente a terceros."}], "lastModified": "2023-12-21T22:15:08.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D740494E-6332-4421-BE43-C0CEB179CBA6", "versionEndIncluding": "1.21.14"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57CC215D-A8DA-4D7F-8FF6-A1FC8451DEDD", "versionEndExcluding": "1.22.14", "versionStartIncluding": "1.22.0"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E67C91E-260F-4C6B-BEE1-44B9C7F29C35", "versionEndExcluding": "1.23.11", "versionStartIncluding": "1.23.0"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D2847AF-B9A8-40FF-AED5-0BBAEF012BA9", "versionEndExcluding": "1.24.5", "versionStartIncluding": "1.24.0"}, {"criteria": "cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A049EC76-7250-484F-99AE-BBF05EA04225"}], "operator": "OR"}]}], "sourceIdentifier": "jordan@liggitt.net"}