CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

Published: Sep 23, 2023
Updated: May 10, 2024
CVE: CVE-2022-3962
GHSA: GHSA-6f4m-j56w-55c3
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
github.com/kiali/kiali	-	1.57.4
redhat / openshift_service_mesh	2.3.1	2.3.1.x

https://access.redhat.com/errata/RHSA-2023:0542
https://access.redhat.com/security/cve/CVE-2022-3962
https://bugzilla.redhat.com/show_bug.cgi?id=2148661
https://github.com/kiali/kiali/commit/aab7694f850f04d7fd875fac5f720a93ccdf01ad
https://issues.redhat.com/browse/OSSM-2251?attachmentViewMode=list

Vulnerability Database

289,571

CVE-2022-3962