CVE-2022-3172

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-3172
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3172.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-3172
Downstream
Published
2023-11-03T20:15:08.550Z
Modified
2026-02-03T07:33:38.229804Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

References

Affected packages

Git / github.com/kubernetes/apiserver

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/apiserver
Events
Introduced
5dc525b156d2bb030a37924dc0acf1ac1c2f1da3
Fixed
778eede58b18cc538a84cf48a2c967a71a84f9e1
Introduced
3b761878e82bcbbfa3b462afd87651ada147b10c
Fixed
81834bef33d52c0274ed187af33d8fdf7ae28f43
Introduced
a2c383e26aa8fce62b048d347bd4ad5d07fddab0
Fixed
d43bcd693c0c14de0281f7e4f300200654ed48a2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3172.json"

Git / github.com/kubernetes/kubernetes

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/kubernetes
Events
Introduced
c2b5237ccd9c0f1d600d3072634ca66cefdf272f
Fixed
bccf857df03c5a99a35e34020b3b63055f0c12ec
Introduced
ab69524f795c42094a6630298ff53f3c3ebab7f4
Fixed
dc2898b20c6bd9602ae1c3b51333e2e4640ed249
Introduced
4ce5a8954017644c5420bae81d72b09b735c21f0
Fixed
e979822c185a14537054f15808a118d7fcce1d6e

Affected versions

v1.*
v1.22.0
v1.22.1
v1.22.1-rc.0
v1.22.10
v1.22.10-rc.0
v1.22.11
v1.22.11-rc.0
v1.22.12
v1.22.12-rc.0
v1.22.13
v1.22.13-rc.0
v1.22.14-rc.0
v1.22.2
v1.22.2-rc.0
v1.22.3
v1.22.3-rc.0
v1.22.4
v1.22.4-rc.0
v1.22.5
v1.22.5-rc.0
v1.22.6
v1.22.6-rc.0
v1.22.7
v1.22.7-rc.0
v1.22.8
v1.22.8-rc.0
v1.22.9
v1.22.9-rc.0
v1.23.0
v1.23.1
v1.23.1-rc.0
v1.23.10
v1.23.10-rc.0
v1.23.11-rc.0
v1.23.2
v1.23.2-rc.0
v1.23.3
v1.23.3-rc.0
v1.23.4
v1.23.4-rc.0
v1.23.5
v1.23.5-rc.0
v1.23.6
v1.23.6-rc.0
v1.23.7
v1.23.7-rc.0
v1.23.8
v1.23.8-rc.0
v1.23.9
v1.23.9-rc.0
v1.24.0
v1.24.1
v1.24.1-rc.0
v1.24.2
v1.24.2-rc.0
v1.24.3
v1.24.3-rc.0
v1.24.4
v1.24.4-rc.0
v1.24.5-rc.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3172.json"