CVE-2022-3172

Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client's API server credentials to third parties.

Se descubrió un problema de seguridad en kube-apiserver que permite que un servidor API agregado redirija el tráfico del cliente a cualquier URL. Esto podría llevar a que el cliente realice acciones inesperadas, así como a que reenvíe las credenciales del servidor API del cliente a terceros.

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.

*Credits: Nicolas Joly, Weinong Wang

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-09 CVE Reserved
2023-01-18 CVE Published
2024-04-02 First Exploit
2024-08-03 CVE Updated
2024-11-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

CAPEC-560: Use of Known Domain Credentials

References (6)

URL	Tag	Source
https://groups.google.com/g/kubernetes-security-announce/c/_aLzYMpPRak	Mailing List
https://security.netapp.com/advisory/ntap-20231221-0005

URL	Date	SRC
https://github.com/UgOrange/CVE-2022-3172	2024-04-02

URL	Date	SRC

URL	Date	SRC
https://github.com/kubernetes/kubernetes/issues/112513	2023-12-21
https://access.redhat.com/security/cve/CVE-2022-3172	2023-06-14
https://bugzilla.redhat.com/show_bug.cgi?id=2127804	2023-06-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kubernetes Search vendor "Kubernetes"		Apiserver Search vendor "Kubernetes" for product "Apiserver"				<= 1.21.14 Search vendor "Kubernetes" for product "Apiserver" and version " <= 1.21.14"		-		Affected
Kubernetes Search vendor "Kubernetes"		Apiserver Search vendor "Kubernetes" for product "Apiserver"				>= 1.22.0 < 1.22.14 Search vendor "Kubernetes" for product "Apiserver" and version " >= 1.22.0 < 1.22.14"		-		Affected
Kubernetes Search vendor "Kubernetes"		Apiserver Search vendor "Kubernetes" for product "Apiserver"				>= 1.23.0 < 1.23.11 Search vendor "Kubernetes" for product "Apiserver" and version " >= 1.23.0 < 1.23.11"		-		Affected
Kubernetes Search vendor "Kubernetes"		Apiserver Search vendor "Kubernetes" for product "Apiserver"				>= 1.24.0 < 1.24.5 Search vendor "Kubernetes" for product "Apiserver" and version " >= 1.24.0 < 1.24.5"		-		Affected
Kubernetes Search vendor "Kubernetes"		Apiserver Search vendor "Kubernetes" for product "Apiserver"				1.25.0 Search vendor "Kubernetes" for product "Apiserver" and version "1.25.0"		-		Affected