Lucene search

RedhatVULNRICHMENT:CVE-2022-3248

HistoryOct 05, 2023 - 1:28 p.m.

CVE-2022-3248 Openshift api admission checks does not enforce "custom-host" permissions

2023-10-0513:28:27

CWE-863

redhat

github.com

openshift

api

admission checks

custom-host

permissions

boundaries

attacker

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

20.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A flaw was found in OpenShift API, as admission checks do not enforce “custom-host” permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

References

access.redhat.com/security/cve/CVE-2022-3248

bugzilla.redhat.com/show_bug.cgi?id=2072188

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

20.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-3248