CVE-2022-3962

Summary

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat OpenShift Service Mesh 2.3 for RHEL 81.57.5-3 < *unaffected

Weaknesses

  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADP Enrichment

CVE Program Container

Additional References

References