UBUNTU-CVE-2022-3172

See a problem?

Source

https://ubuntu.com/security/CVE-2022-3172

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3172.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-3172

Related

CVE-2022-3172

Published

2023-11-03T20:15:00Z

Modified

2024-10-15T14:09:59Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

References

Affected packages

Ubuntu:20.04:LTS / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/ubuntu/kubernetes?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/ubuntu/kubernetes?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/ubuntu/kubernetes?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/ubuntu/kubernetes?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0

Ecosystem specific

{
    "ubuntu_priority": "medium"
}