37 matches found
AZL-31287 CVE-2022-3162 affecting package kubernetes for versions less than 1.25.4-0
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
AZL-13783 CVE-2022-3162 affecting package rook for versions less than 1.6.2-25
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
AZL-13782 CVE-2022-3162 affecting package kube-vip-cloud-provider for versions less than 0.0.2-21
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
DEBIAN-CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
Authorization
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
UBUNTU-CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
CVE-2022-3162 Unauthorized read of Custom Resources
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
CVE-2022-3162 Unauthorized read of Custom Resources
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
CVE-2022-3162 Unauthorized read of Custom Resources
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
CVE-2022-3162
The CVE-2022-3162 entry affects Kubernetes kube-apiserver, where an authenticated user with cluster-wide list/watch rights on one CustomResourceDefinition in an API group could read custom resources of another type in the same API group due to improper authorization. Impact is read access to othe...
kubernetes: Unauthorized read of Custom Resources
A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...
Information Disclosure
openshift is vulnerable to Information Disclosure. Users authorized to list or watch one type of namespaced custom resource, cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...
Oracle Linux 7 : kubernetes (ELSA-2022-10035)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...
CVE-2021-25746 Ingress-nginx directive injection via annotations
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...
CVE-2021-25745
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...