Main Vulnerability Database Vulnerabilities #VU71364

Improper access control in apiserver - CVE-2022-3162

Published: January 19, 2023

Vulnerability identifier: #VU71364

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3162

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Kubernetes

Affected software:
apiserver

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read.

How to mitigate CVE-2022-3162

Install updates from vendor's website.

Sources

https://access.redhat.com/errata/RHSA-2022:7399

Improper access control in apiserver - CVE-2022-3162

Detailed vulnerability description

How to mitigate CVE-2022-3162

Sources

Please verify you're human