CVE-2022-3162

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-3162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3162
Aliases
Downstream
Related
Published
2023-03-01T19:15:25.457Z
Modified
2026-03-11T00:14:50.360045Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

References

Affected packages

Git / github.com/kubernetes/kubernetes

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/kubernetes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1d79bc3bcccfba7466c44cc2055d6e7442e140ea
Introduced
ab69524f795c42094a6630298ff53f3c3ebab7f4
Last affected
592eca05be27f7d927d0b25cbb4241d75a9574bf
Introduced
4ce5a8954017644c5420bae81d72b09b735c21f0
Last affected
e6f35974b08862a23e7f4aad8e5d7f7f2de26c15
Introduced
a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2
Last affected
434bfd82814af038ad94d62ebe59b133fcb50506
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.22.15"
        },
        {
            "introduced": "1.23.0"
        },
        {
            "last_affected": "1.23.13"
        },
        {
            "introduced": "1.24.0"
        },
        {
            "last_affected": "1.24.7"
        },
        {
            "introduced": "1.25.0"
        },
        {
            "last_affected": "1.25.3"
        }
    ]
}

Affected versions

v1.*
v1.23.0
v1.23.1
v1.23.1-rc.0
v1.23.10
v1.23.10-rc.0
v1.23.11
v1.23.11-rc.0
v1.23.12
v1.23.12-rc.0
v1.23.13
v1.23.13-rc.0
v1.23.2
v1.23.2-rc.0
v1.23.3
v1.23.3-rc.0
v1.23.4
v1.23.4-rc.0
v1.23.5
v1.23.5-rc.0
v1.23.6
v1.23.6-rc.0
v1.23.7
v1.23.7-rc.0
v1.23.8
v1.23.8-rc.0
v1.23.9
v1.23.9-rc.0
v1.24.0
v1.24.1
v1.24.1-rc.0
v1.24.2
v1.24.2-rc.0
v1.24.3
v1.24.3-rc.0
v1.24.4
v1.24.4-rc.0
v1.24.5
v1.24.5-rc.0
v1.24.6
v1.24.6-rc.0
v1.24.7
v1.24.7-rc.0
v1.25.0
v1.25.1
v1.25.1-rc.0
v1.25.2
v1.25.2-rc.0
v1.25.3
v1.25.3-rc.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3162.json"