Vulnerability Details: CVE-2022-3962
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Products affected by CVE-2022-3962
- cpe:2.3:a:redhat:openshift_service_mesh:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kiali:kiali:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3962
- 0.06%: Probability of exploitation activity in the next 30 days
- ~28%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3962
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | Red Hat, Inc. | |
References for CVE-2022-3962
- https://access.redhat.com/security/cve/CVE-2022-3962
  CVE-2022-3962 - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2148661
  2148661 – (CVE-2022-3962) CVE-2022-3962 kiali: error message spoofing in kiali UI (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2023:0542
  RHSA-2023:0542 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)