CVE-2022-3962
Kiali: error message spoofing in Kiali UI
Descriptions
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.
Timeline
- 2022-11-12 CVE Reserved
- 2023-01-31 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
References (3)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:0542 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2022-3962 | 2023-01-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2148661 | 2023-01-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Redhat | Openshift Service Mesh | 2.3.1 | - | Affected | in | Redhat | Enterprise Linux | 8.0 | - | Safe |
Redhat | Openshift Service Mesh | 2.3.1 | - | Affected | in | Redhat | Enterprise Linux For Ibm Z Systems | 8.0 | - | Safe |
Redhat | Openshift Service Mesh | 2.3.1 | - | Affected | in | Redhat | Enterprise Linux For Power Little Endian Eus | 8.0 | - | Safe |
Kiali | Kiali | - | - | Affected | | | | | | |