Published: 01/03/2023 Updated: 11/05/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kubernetes kubernetes

Synopsis Moderate: Migration Toolkit for Containers (MTC) 177 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 177 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: Red Hat OpenShift Service Mesh Containers for 240 Type/Severity Security Advisory: Important Topic Red Hat OpenShift Service Mesh Containers for 240Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sev ...

Synopsis Moderate: OpenShift Container Platform 4124 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat build of MicroShift release 4124 is now available with updates to packages and images that fi ...

Synopsis Moderate: OpenShift Container Platform 4120 packages and security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4120 is now available withupdates to packag ...

Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 610 releaseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...

Synopsis Moderate: OpenShift Container Platform 4120 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4120 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...

DescriptionA flaw was found in etcd Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to readA flaw was found in etcd Users authorized to list or watch one type of namespaced custom resource cluster-wide can read ...

CWE-22 https://github.com/kubernetes/kubernetes/issues/113756 https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA https://security.netapp.com/advisory/ntap-20230511-0004/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:0693 https://access.redhat.com/security/cve/cve-2022-3162

CVE-2022-3162

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect