DEBIAN-CVE-2022-3172

DEBIAN-CVE-2022-3172 PUBLISHED CVSS 8.199999809265137 HIGH

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:12	kubernetes	0, 0, 0
Debian:13	kubernetes	0, 0, 0
Debian:11	kubernetes	0, 0, 0
Debian:14	kubernetes	0, 0, 0

Exploit Intelligence

UgOrange/CVE-2022-3172 (github-poc-repo)
UgOrange/CVE-2022-3172 (github-poc)
CVE.json (github-poc)

Timeline

Nov 3, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-3172 advisory

Open in Interactive Console →