CVE-2022-3162

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3162

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3162.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3162

Aliases

Related

Published

2023-03-01T19:15:25Z

Modified

2024-09-18T01:00:20Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

References

Affected packages

Debian:11 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.5+really1.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubelet

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes/kubelet
Events: Last affected

254eabfe0e9fbe17c214094a694d660df0817cc0

Introduced

d37f045d808033445aaa284ad80454c948b37958

Last affected

34208c3e83ddc4ce4ed4d9142e09447eb167086a

Introduced

b1292eb3207057f0274a51330ba8d612f4faadd6

Last affected

69dfb18d15a9911ea7c84710175b79efa945025e

Introduced

dfb3e7ad852bb4bddb790a705c185cef198c2823

Last affected

df95cb551f35b0486833b1c5a232052ca75c877f