CVE-2022-3294
Node address isn't always verified when proxying
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
*Credits:
Yuval Avrahami of Palo Alto Networks
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-23 CVE Reserved
- 2023-03-01 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA | Mailing List | |
| https://security.netapp.com/advisory/ntap-20230505-0007 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/113757 | 2023-05-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | < 1.22.16 Search vendor "Kubernetes" for product "Kubernetes" and version " < 1.22.16" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.23.0 < 1.23.14 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.23.0 < 1.23.14" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.24.0 < 1.24.8 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.24.0 < 1.24.8" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.25.0 < 1.25.4 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.25.0 < 1.25.4" | - |
Affected
| ||||||