Main Vulnerability Database Vulnerabilities #VU71364

#VU71364 Improper access control in apiserver - CVE-2022-3162

Published: January 19, 2023

Vulnerability identifier: #VU71364

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3162

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
apiserver

Software vendor:
Kubernetes

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2022:7399

#VU71364 Improper access control in apiserver - CVE-2022-3162

Description

Remediation

External links

Please verify you're human