Lucene search
K

37 matches found

OSV
OSV
added 2023/03/01 7:15 p.m.4 views

AZL-31287 CVE-2022-3162 affecting package kubernetes for versions less than 1.25.4-0

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 7:15 p.m.4 views

AZL-13783 CVE-2022-3162 affecting package rook for versions less than 1.6.2-25

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS6.9AI score0.01191EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 7:15 p.m.7 views

AZL-13782 CVE-2022-3162 affecting package kube-vip-cloud-provider for versions less than 0.0.2-21

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 7:15 p.m.1 views

DEBIAN-CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References1
Prion
Prion
added 2023/03/01 7:15 p.m.24 views

Authorization

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

4CVSS6.8AI score0.01191EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/01 7:15 p.m.1 views

UBUNTU-CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7AI score0.01191EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/03/01 7:15 p.m.52 views

CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS6.9AI score0.01191EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/01 12:0 a.m.25 views

CVE-2022-3162 Unauthorized read of Custom Resources

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS7.1AI score0.01191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/01 12:0 a.m.6 views

CVE-2022-3162 Unauthorized read of Custom Resources

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS6.9AI score0.01191EPSS
Exploits0References3
OSV
OSV
added 2023/03/01 12:0 a.m.18 views

CVE-2022-3162 Unauthorized read of Custom Resources

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS6.8AI score0.01191EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/03/01 12:0 a.m.41 views

CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...

6.5CVSS6.6AI score0.01191EPSS
Exploits0
CVE
CVE
added 2023/03/01 12:0 a.m.307 views

CVE-2022-3162

The CVE-2022-3162 entry affects Kubernetes kube-apiserver, where an authenticated user with cluster-wide list/watch rights on one CustomResourceDefinition in an API group could read custom resources of another type in the same API group due to improper authorization. Impact is read access to othe...

6.5CVSS6.9AI score0.01191EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2023/02/20 6:33 p.m.4 views

kubernetes: Unauthorized read of Custom Resources

A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

6.5CVSS6.8AI score0.01191EPSS
Exploits0References5
Veracode
Veracode
added 2023/01/31 12:45 a.m.29 views

Information Disclosure

openshift is vulnerable to Information Disclosure. Users authorized to list or watch one type of namespaced custom resource, cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

6.5CVSS7.2AI score0.01191EPSS
Exploits0References6Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/11/29 12:0 a.m.42 views

Oracle Linux 7 : kubernetes (ELSA-2022-10035)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...

10CVSS6.9AI score0.02701EPSS
Exploits2References3
Cvelist
Cvelist
added 2022/05/06 12:50 a.m.28 views

CVE-2021-25746 Ingress-nginx directive injection via annotations

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...

7.6CVSS7.6AI score0.01373EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/25 8:30 a.m.77 views

CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

8.1CVSS1.7AI score0.01109EPSS
Exploits0References3
Rows per page
Query Builder