gsd - gsd-2022-3172

gsd-2022-3172

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Aliases

CVE-2022-3172

Aliases

CVE-2022-3172

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-3172",
    "id": "GSD-2022-3172",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-3172.html",
      "https://access.redhat.com/errata/RHSA-2022:7398"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-3172"
      ],
      "details": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL.  This could\n lead to the client performing unexpected actions as well as forwarding \nthe client\u0027s API server credentials to third parties.\n",
      "id": "GSD-2022-3172",
      "modified": "2023-12-13T01:19:39.814777Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@kubernetes.io",
        "ID": "CVE-2022-3172",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "kube-apiserver",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "v1.25.0"
                              },
                              {
                                "lessThanOrEqual": "v1.24.4",
                                "status": "affected",
                                "version": "v1.24.0",
                                "versionType": "semver"
                              },
                              {
                                "lessThanOrEqual": "v1.23.10",
                                "status": "affected",
                                "version": "v1.23.0",
                                "versionType": "semver"
                              },
                              {
                                "lessThanOrEqual": "v1.22.13",
                                "status": "affected",
                                "version": "v1.22.0",
                                "versionType": "semver"
                              },
                              {
                                "status": "unaffected",
                                "version": "v1.25.1"
                              },
                              {
                                "status": "unaffected",
                                "version": "v1.24.5"
                              },
                              {
                                "status": "unaffected",
                                "version": "v1.23.11"
                              },
                              {
                                "status": "unaffected",
                                "version": "v1.22.14"
                              },
                              {
                                "lessThanOrEqual": "v1.21.14",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Kubernetes"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Nicolas Joly"
        },
        {
          "lang": "en",
          "value": "Weinong Wang"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL.  This could\n lead to the client performing unexpected actions as well as forwarding \nthe client\u0027s API server credentials to third parties.\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-918",
                "lang": "eng",
                "value": "CWE-918 Server-Side Request Forgery (SSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/kubernetes/kubernetes/issues/112513",
            "refsource": "MISC",
            "url": "https://github.com/kubernetes/kubernetes/issues/112513"
          },
          {
            "name": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231221-0005/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231221-0005/"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D740494E-6332-4421-BE43-C0CEB179CBA6",
                    "versionEndIncluding": "1.21.14",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "57CC215D-A8DA-4D7F-8FF6-A1FC8451DEDD",
                    "versionEndExcluding": "1.22.14",
                    "versionStartIncluding": "1.22.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1E67C91E-260F-4C6B-BEE1-44B9C7F29C35",
                    "versionEndExcluding": "1.23.11",
                    "versionStartIncluding": "1.23.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:kubernetes:apiserver:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9D2847AF-B9A8-40FF-AED5-0BBAEF012BA9",
                    "versionEndExcluding": "1.24.5",
                    "versionStartIncluding": "1.24.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:kubernetes:apiserver:1.25.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A049EC76-7250-484F-99AE-BBF05EA04225",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A security issue was discovered in kube-apiserver that allows an \naggregated API server to redirect client traffic to any URL.  This could\n lead to the client performing unexpected actions as well as forwarding \nthe client\u0027s API server credentials to third parties.\n"
          },
          {
            "lang": "es",
            "value": "Se descubri\u00f3 un problema de seguridad en kube-apiserver que permite que un servidor API agregado redirija el tr\u00e1fico del cliente a cualquier URL. Esto podr\u00eda llevar a que el cliente realice acciones inesperadas, as\u00ed como a que reenv\u00ede las credenciales del servidor API del cliente a terceros."
          }
        ],
        "id": "CVE-2022-3172",
        "lastModified": "2023-12-21T22:15:08.130",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 4.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 1.0,
              "impactScore": 3.7,
              "source": "jordan@liggitt.net",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-11-03T20:15:08.550",
        "references": [
          {
            "source": "jordan@liggitt.net",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/112513"
          },
          {
            "source": "jordan@liggitt.net",
            "tags": [
              "Mailing List"
            ],
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak"
          },
          {
            "source": "jordan@liggitt.net",
            "url": "https://security.netapp.com/advisory/ntap-20231221-0005/"
          }
        ],
        "sourceIdentifier": "jordan@liggitt.net",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ],
            "source": "jordan@liggitt.net",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

cve-2022-3172

Vulnerability from cvelistv5

Published

2023-11-03 18:11

Modified

2024-08-03 01:00

Severity ?

5.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

Summary

Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)

References

▼	URL	Tags
	https://github.com/kubernetes/kubernetes/issues/112513	issue-tracking
	https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak	mailing-list
	https://security.netapp.com/advisory/ntap-20231221-0005/

Impacted products

▼	Vendor	Product
	Kubernetes	kube-apiserver

Show details on NVD website