CVE-2022-3162 : Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a dif

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

Published 2023-03-01 19:15:25

Updated 2023-05-11 15:15:10

Source Kubernetes

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2022-3162

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-3162

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	Kubernetes
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-3162

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)
CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Assigned by: jordan@liggitt.net (Secondary)

References for CVE-2022-3162

https://github.com/kubernetes/kubernetes/issues/113756

CVE-2022-3162: Unauthorized read of Custom Resources · Issue #113756 · kubernetes/kubernetes · GitHub
Issue Tracking;Vendor Advisory
https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources
Mailing List;Vendor Advisory
https://security.netapp.com/advisory/ntap-20230511-0004/

CVE-2022-3162 Kubernetes Vulnerability in NetApp Products | NetApp Product Security

Products affected by CVE-2022-3162

Kubernetes » Kubernetes
Versions up to, including, (<=) 1.22.15
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.25.0 and up to, including, (<=) 1.25.3
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.23.0 and up to, including, (<=) 1.23.13
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.24.0 and up to, including, (<=) 1.24.7
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-3162

Exploit prediction scoring system (EPSS) score for CVE-2022-3162

CVSS scores for CVE-2022-3162

CWE ids for CVE-2022-3162

References for CVE-2022-3162

Products affected by CVE-2022-3162