VDB
RHSA-2023%3A3609
RHSA-2023%3A3609
PUBLISHED
CVSS 5.099999904632568 MEDIUM
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.
Risk Scores
CVSS 3.1
5.099999904632568
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | odf4/odf-rhel8-operator@sha256:f3d12e90b7a2bb44e15da2b9082afc361c1e1555e8c2bd24a022cd00ea755838_amd64 as a component of RHODF 4.12 for RHEL 8 | odf4/odf-rhel8-operator@sha256:f3d12e90b7a2bb44e15da2b9082afc361c1e1555e8c2bd24a022cd00ea755838_amd64 |
| Red Hat | odf4/mcg-operator-bundle@sha256:321acbfdd6b022f2439c1c8fa8772c79d2ded0f2a56fbebc18be01b30e9fd856_s390x as a component of RHODF 4.12 for RHEL 8 | odf4/mcg-operator-bundle@sha256:321acbfdd6b022f2439c1c8fa8772c79d2ded0f2a56fbebc18be01b30e9fd856_s390x |
| Red Hat | odf4/odr-cluster-operator-bundle@sha256:1e9c89e7e05cde772591dec21007be1939d34d90872346fec7f10803c90b3ac2_s390x as a component of RHODF 4.12 for RHEL 8 | odf4/odr-cluster-operator-bundle@sha256:1e9c89e7e05cde772591dec21007be1939d34d90872346fec7f10803c90b3ac2_s390x |
| Red Hat | odf4/rook-ceph-rhel8-operator@sha256:cb5c9190f28e1fff2d5c05011f962e9be0d6dbfdac43cd070f44078452a2dd74_amd64 as a component of RHODF 4.12 for RHEL 8 | odf4/rook-ceph-rhel8-operator@sha256:cb5c9190f28e1fff2d5c05011f962e9be0d6dbfdac43cd070f44078452a2dd74_amd64 |
| Red Hat | odf4/odf-csi-addons-operator-bundle@sha256:790a1089a310079b8d13d76021068280a065dab75925e7d63203f063ced3b6b8_amd64 as a component of RHODF 4.12 for RHEL 8 | odf4/odf-csi-addons-operator-bundle@sha256:790a1089a310079b8d13d76021068280a065dab75925e7d63203f063ced3b6b8_amd64 |
| Red Hat | odf4/odf-operator-bundle@sha256:e57f89fd338b4cf393f4cde1dd0f37c7fb51efc6fc2193d9e701781d646dd94f_ppc64le as a component of RHODF 4.12 for RHEL 8 | odf4/odf-operator-bundle@sha256:e57f89fd338b4cf393f4cde1dd0f37c7fb51efc6fc2193d9e701781d646dd94f_ppc64le |
| Red Hat | odf4/mcg-core-rhel8@sha256:3490758a3201514f18d36650ad0880f74337e7b982162c8853a9ef1399d45c83_s390x as a component of RHODF 4.12 for RHEL 8 | * |
| Red Hat | odf4/odf-csi-addons-rhel8-operator@sha256:2fe2851dd6880bb145823dc9f041bd6dafa6c8566f02775a12eed452a748f528_s390x as a component of RHODF 4.12 for RHEL 8 | * |
| Red Hat | odf4/odf-csi-addons-sidecar-rhel8@sha256:2c0085e0efaffcfef4aace1a0551ee8799cb3770e5df94d97fffc0e0943c273a_s390x as a component of RHODF 4.12 for RHEL 8 | odf4/odf-csi-addons-sidecar-rhel8@sha256:2c0085e0efaffcfef4aace1a0551ee8799cb3770e5df94d97fffc0e0943c273a_s390x |
| Red Hat | odf4/mcg-rhel8-operator@sha256:f052756c97e9a63fab1129fa08f63ce164e15c94bf66e1c851360b6579b2d5f8_s390x as a component of RHODF 4.12 for RHEL 8 | * |
| Red Hat | odf4/mcg-rhel8-operator@sha256:1c2286a69dd01a9bae529264a6859c1d75537502ce98b654bd53b4e34c22f642_ppc64le as a component of RHODF 4.12 for RHEL 8 | odf4/mcg-rhel8-operator@sha256:1c2286a69dd01a9bae529264a6859c1d75537502ce98b654bd53b4e34c22f642_ppc64le |
| Red Hat | odf4/ocs-client-rhel8-operator@sha256:39ee3ed5ac9c072577f9737236d03d92d1a3f3ec16e88aa4f9bc778a18af5fda_s390x as a component of RHODF 4.12 for RHEL 8 | odf4/ocs-client-rhel8-operator@sha256:39ee3ed5ac9c072577f9737236d03d92d1a3f3ec16e88aa4f9bc778a18af5fda_s390x |
| Red Hat | odf4/ocs-metrics-exporter-rhel8@sha256:7bbfa727bfbe5037967b34e6c3d0711f976cbf9085a4bf3b23409744d0518927_ppc64le as a component of RHODF 4.12 for RHEL 8 | odf4/ocs-metrics-exporter-rhel8@sha256:7bbfa727bfbe5037967b34e6c3d0711f976cbf9085a4bf3b23409744d0518927_ppc64le |
| Red Hat | odf4/rook-ceph-rhel8-operator@sha256:445a7af195354c94303a357eea076e8b9f99323f3d08a156ed51c9bbece7964d_ppc64le as a component of RHODF 4.12 for RHEL 8 | odf4/rook-ceph-rhel8-operator@sha256:445a7af195354c94303a357eea076e8b9f99323f3d08a156ed51c9bbece7964d_ppc64le |
| Red Hat | odf4/cephcsi-rhel8@sha256:8b20ec2847f20acb0290cd6c48554440ee0c76c74087124a1be42074db7046da_s390x as a component of RHODF 4.12 for RHEL 8 | odf4/cephcsi-rhel8@sha256:8b20ec2847f20acb0290cd6c48554440ee0c76c74087124a1be42074db7046da_s390x |
| Red Hat | odf4/odf-csi-addons-sidecar-rhel8@sha256:590f2e49fbc2610a5e8967f798b5083c4a9494ee043305ab6d8ccddc231592c5_amd64 as a component of RHODF 4.12 for RHEL 8 | odf4/odf-csi-addons-sidecar-rhel8@sha256:590f2e49fbc2610a5e8967f798b5083c4a9494ee043305ab6d8ccddc231592c5_amd64 |
| Red Hat | odf4/odr-rhel8-operator@sha256:2d8e563f015605c44b3d8cf66e1ccf33bb04402760d63777d86157fadac46e97_s390x as a component of RHODF 4.12 for RHEL 8 | odf4/odr-rhel8-operator@sha256:2d8e563f015605c44b3d8cf66e1ccf33bb04402760d63777d86157fadac46e97_s390x |
| Red Hat | odf4/odr-hub-operator-bundle@sha256:9b6647cef3ca8f9c368fbe2a62152450a075405f430768f08c713008abd9a6cd_amd64 as a component of RHODF 4.12 for RHEL 8 | odf4/odr-hub-operator-bundle@sha256:9b6647cef3ca8f9c368fbe2a62152450a075405f430768f08c713008abd9a6cd_amd64 |
| Red Hat | odf4/odr-rhel8-operator@sha256:b2ba54ee096b54f348e539061132fedb2dc274ae62105d7e4f769578c3b68ddb_amd64 as a component of RHODF 4.12 for RHEL 8 | odf4/odr-rhel8-operator@sha256:b2ba54ee096b54f348e539061132fedb2dc274ae62105d7e4f769578c3b68ddb_amd64 |
| Red Hat | odf4/odf-multicluster-console-rhel8@sha256:84a28f1150151960b097432b99ab2fa6c34716441a8b9dd32aac4823c8f3e292_ppc64le as a component of RHODF 4.12 for RHEL 8 | * |
…and 49 more
Exploit Intelligence
- UgOrange/CVE-2022-3172 (github-poc-repo)
- UgOrange/CVE-2022-3172 (github-poc)
- CVE.json (github-poc)
Timeline
- Jun 14, 2023 CVE Published
- Mar 21, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:3609 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2127804 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2182943 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2188331 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2192596 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2195989 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2208477 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3609.json advisory
- https://access.redhat.com/security/cve/CVE-2022-3172 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-3172 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-3172 advisory
- https://github.com/kubernetes/kubernetes/issues/112513 advisory