UBUNTU-CVE-2022-3172
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 03 Nov 2023, 20:15
Last modified:05 Aug 2025, 04:48
Vulnerability Summary
Overall Risk (default)
medium
33/100 CVSS Score
8.2 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
03 Nov 2023, 20:15
Published
Vulnerability first disclosed
05 Aug 2025, 04:48
Last Modified
Vulnerability information updated
Description
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
CVSS Metrics
- v3.1•HIGH•Score: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Affected Systems
- ubuntu•kubernetes
all | all | all