Input validation error in Kiali - CVE-2022-3962

 

Input validation error in Kiali - CVE-2022-3962

Published: January 31, 2023


Vulnerability identifier: #VU71694
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-3962
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Kiali
Affected software:
Kiali

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input on the login page. A remote attacker can inject arbitrary text into error message that will be displayed to the user after following a specially crafted link.


How to mitigate CVE-2022-3962

Install updates from vendor's website.

Sources