CVE-2022-3172

Severity CVSS v4.0: Pending analysis
Type: CWE-918 Server-Side Request Forgery (SSRF)
Publication date: 03/11/2023
Last modified: 13/02/2025

Description

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:* | | 1.21.14 (including) |
| cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:* | 1.22.0 (including) | 1.22.14 (excluding) |
| cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:* | 1.23.0 (including) | 1.23.11 (excluding) |
| cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:* | 1.24.0 (including) | 1.24.5 (excluding) |
| cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:* | | |