22 matches found
Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)
Summary IBM FoundationDB Operator addressed kube-apiserver vulnerability. Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...
TencentOS Server 4: kubernetes (TSSA-2024:0872)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0872 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Exploit for Server-Side Request Forgery in Kubernetes Apiserver
CVE-2022-3172 demo Run poc.sh create...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Unauthorized requests (SSRF), Improper path traversal, via k8s.io/apimachinery, k8s.io/apiserver (CVE-2022-3172, CVE-2022-3162)
Summary Kubernetes' apimachinery and apiserver are used by IBM Storage Fusion HCI to interact with the OpenShift platform. Vulnerabilities in these libraries include the possibility of unauthorized requests server-side request forgery and improper path traversal, as described the the CVEs listed ...
Security Bulletin: IBM Storage Fusion may be vulnerable to Unauthorized requests (SSRF), Improper path traversal, via k8s.io/apimachinery, k8s.io/apiserver (CVE-2022-3172, CVE-2022-3162)
Summary Kubernetes' apimachinery and apiserver are used by IBM Storage Fusion to interact with the OpenShift platform. Vulnerabilities in these libraries include the possibility of unauthorized requests server-side request forgery and improper path traversal, as described the the CVEs listed in t...
CVE-2022-3172
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...
CVE-2022-3172
CVE-2022-3172 : Kubernetes kube-apiserver SSRF vulnerability allowing an aggregated API server to redirect client traffic to an arbitrary URL, potentially causing unintended actions and leaking API server credentials. Connected sources confirm affected product families (kube-apiserver) and that a...
CVE-2022-3172 Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...
CVE-2022-3172
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...
kubernetes security update
kubernetes 1.25.11-1 - Added Oracle specific build files for Kubernetes olcne 1.6.2-1 - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x 1.6.1-9 - Updated the CVE ID's in Istio-1.16.4 changelog entry 1.6.1-8 - Update Istio...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update
Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
kubernetes security update
kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...
kubernetes security update
kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...
kubernetes security update
kubernetes 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.8-2 - Updated Kubernetes package release version to 1.21.6-2 1.4.8-1 - Upgraded kubernetes-1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 1.4.7-1 - Upgrade Istio from 1.13.5 t...
Oracle Linux 8 : kubernetes (ELSA-2022-9854)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9854 advisory. - Addresses CVE-2022-3172 olcne - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress...
Oracle Linux 7 : kubernetes (ELSA-2022-9853)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9853 advisory. - Addresses CVE-2022-3172 olcne - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress...
kubernetes security update
kubernetes 1.22.14-1 - Added Oracle specific build files for Kubernetes kubernetes 1.23.11-1 - Added Oracle specific build files for Kubernetes olcne 1.5.6-1 - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 -...
Oracle Linux 7 : kubernetes (ELSA-2022-9855)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9855 advisory. - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 -...