Vulnerabilities > CVE-2022-3172 - Server-Side Request Forgery (SSRF) vulnerability in Kubernetes Apiserver

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

kubernetes

CWE-918

NVD

Published: 2023-11-03

Updated: 2023-12-21

Summary

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Vulnerable Configurations

Part	Description	Count
Application	Kubernetes Kubernetes Apiserver - Kubernetes Apiserver 1.21.14 Kubernetes Apiserver 1.22.0 Kubernetes Apiserver 1.22.13 Kubernetes Apiserver 1.23.0 Kubernetes Apiserver 1.23.10 Kubernetes Apiserver 1.24.0 Kubernetes Apiserver 1.24.4 Kubernetes Apiserver 1.25.0	35

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References