CVE-2022-3172
Publication date 3 November 2023
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
Status
Package | Ubuntu Release | Status |
---|---|---|
kubernetes | 24.10 oracular |
Needs evaluation
|
24.04 LTS noble |
Needs evaluation
|
|
22.04 LTS jammy |
Needs evaluation
|
|
20.04 LTS focal |
Needs evaluation
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Ignored end of standard support |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.2 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | High |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |