Lucene search
K

22 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 9:44 p.m.7 views

Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)

Summary IBM FoundationDB Operator addressed kube-apiserver vulnerability. Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...

8.2CVSS5.4AI score0.02464EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.7 views

TencentOS Server 4: kubernetes (TSSA-2024:0872)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0872 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.8CVSS6.6AI score0.02464EPSS
Exploits2References7
GithubExploit
GithubExploit
added 2024/04/02 11:53 a.m.662 views

Exploit for Server-Side Request Forgery in Kubernetes Apiserver

CVE-2022-3172 demo Run poc.sh create...

8.2CVSS7AI score0.02464EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:24 p.m.60 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Unauthorized requests (SSRF), Improper path traversal, via k8s.io/apimachinery, k8s.io/apiserver (CVE-2022-3172, CVE-2022-3162)

Summary Kubernetes' apimachinery and apiserver are used by IBM Storage Fusion HCI to interact with the OpenShift platform. Vulnerabilities in these libraries include the possibility of unauthorized requests server-side request forgery and improper path traversal, as described the the CVEs listed ...

8.2CVSS6.4AI score0.02464EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/16 9:29 p.m.46 views

Security Bulletin: IBM Storage Fusion may be vulnerable to Unauthorized requests (SSRF), Improper path traversal, via k8s.io/apimachinery, k8s.io/apiserver (CVE-2022-3172, CVE-2022-3162)

Summary Kubernetes' apimachinery and apiserver are used by IBM Storage Fusion to interact with the OpenShift platform. Vulnerabilities in these libraries include the possibility of unauthorized requests server-side request forgery and improper path traversal, as described the the CVEs listed in t...

8.2CVSS6.7AI score0.02464EPSS
Exploits1Affected Software1
UbuntuCve
UbuntuCve
added 2023/11/03 8:15 p.m.53 views

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

8.2CVSS6.8AI score0.02464EPSS
Exploits1References1
CVE
CVE
added 2023/11/03 6:11 p.m.1994 views

CVE-2022-3172

CVE-2022-3172 : Kubernetes kube-apiserver SSRF vulnerability allowing an aggregated API server to redirect client traffic to an arbitrary URL, potentially causing unintended actions and leaking API server credentials. Connected sources confirm affected product families (kube-apiserver) and that a...

8.2CVSS7.1AI score0.02464EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/11/03 6:11 p.m.40 views

CVE-2022-3172 Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

5.1CVSS5.9AI score0.02464EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2023/11/03 6:11 p.m.59 views

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

8.2CVSS6.5AI score0.02464EPSS
Exploits1
Oracle linux
Oracle linux
added 2023/07/03 12:0 a.m.38 views

kubernetes security update

kubernetes 1.25.11-1 - Added Oracle specific build files for Kubernetes olcne 1.6.2-1 - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x 1.6.1-9 - Updated the CVE ID's in Istio-1.16.4 changelog entry 1.6.1-8 - Update Istio...

10CVSS6.7AI score0.02701EPSS
Exploits9
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/24 1:34 p.m.53 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...

8.2CVSS6.7AI score0.02464EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/04/12 12:2 p.m.142 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

9.8CVSS7AI score0.99931EPSS
Exploits45References11
RedHat Linux
RedHat Linux
added 2023/01/17 7:29 p.m.88 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

8.2CVSS6.7AI score0.02607EPSS
Exploits7References13
Oracle linux
Oracle linux
added 2022/11/29 12:0 a.m.54 views

kubernetes security update

kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...

10CVSS0.1AI score0.02701EPSS
Exploits2
Oracle linux
Oracle linux
added 2022/11/29 12:0 a.m.59 views

kubernetes security update

kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...

10CVSS0.1AI score0.02701EPSS
Exploits2
Oracle linux
Oracle linux
added 2022/10/05 12:0 a.m.48 views

kubernetes security update

kubernetes 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.8-2 - Updated Kubernetes package release version to 1.21.6-2 1.4.8-1 - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 1.4.7-1 - Upgrade Istio from 1.13.5 t...

7.2AI score0.02701EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.54 views

Oracle Linux 8 : kubernetes (ELSA-2022-9854)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9854 advisory. - Addresses CVE-2022-3172 olcne - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress...

10CVSS6.8AI score0.02701EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.44 views

Oracle Linux 7 : kubernetes (ELSA-2022-9853)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9853 advisory. - Addresses CVE-2022-3172 olcne - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress...

10CVSS6.8AI score0.02701EPSS
Exploits2References2
Oracle linux
Oracle linux
added 2022/10/03 12:0 a.m.63 views

kubernetes security update

kubernetes 1.22.14-1 - Added Oracle specific build files for Kubernetes kubernetes 1.23.11-1 - Added Oracle specific build files for Kubernetes olcne 1.5.6-1 - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 -...

7.3AI score0.02701EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/10/03 12:0 a.m.42 views

Oracle Linux 7 : kubernetes (ELSA-2022-9855)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9855 advisory. - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 -...

10CVSS6.8AI score0.02701EPSS
Exploits2References2
Rows per page
Query Builder