CVE-2022-3962
MEDIUM 4.3 | EPSS 0.11% | Kiali content spoofing vulnerability
Published: 2023/9/23 | Modified: 2026/2/4
Description
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
Affected packages (2)
- Go / github.com/kiali/kiali: from 0, < 1.57.4
- Go / github.com/kiali/kiali: from 0, < 1.57.4
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
References (8)
- ADVISORY: https://github.com/advisories/GHSA-6f4m-j56w-55c3
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-3962
- PATCH: https://github.com/kiali/kiali
- WEB: https://access.redhat.com/errata/RHSA-2023:0542
- WEB: https://access.redhat.com/security/cve/CVE-2022-3962
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2148661
- WEB: https://github.com/kiali/kiali/commit/aab7694f850f04d7fd875fac5f720a93ccdf01ad
- WEB: https://issues.redhat.com/browse/OSSM-2251?attachmentViewMode=list