Server-Side Request Forgery (SSRF) The advisory has been revoked - it doesn't affect any version of package openshift-clients-redistributable Open this link in a new tab
Threat Intelligence
EPSS
0.07% (29th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-OPENSHIFTCLIENTSREDISTRIBUTABLE-5424783
- published 26 Mar 2023
- disclosed 16 Sep 2022
Introduced: 16 Sep 2022
CVE-2022-3172 Open this link in a new tabAmendment
The Red Hat
security team deemed this advisory irrelevant for RHEL:8
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream openshift-clients-redistributable
package and not the openshift-clients-redistributable
package as distributed by RHEL
.
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.