CVE-2022-3962
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | 1.57.5-3 < * | unaffected |
Weaknesses
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:0542
- https://access.redhat.com/security/cve/CVE-2022-3962
- https://bugzilla.redhat.com/show_bug.cgi?id=2148661
References
- https://access.redhat.com/errata/RHSA-2023:0542
- https://access.redhat.com/security/cve/CVE-2022-3962
- https://bugzilla.redhat.com/show_bug.cgi?id=2148661
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.