Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3962

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

Published

2023-09-23T20:15:10.747

Last Modified

2024-11-21T07:20:37.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-74
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kiali	kiali	-	Yes
Application	redhat	openshift_service_mesh	2.3.1	Yes
Operating System	redhat	enterprise_linux	8.0	No
Operating System	redhat	enterprise_linux_for_ibm_z_systems	8.0	No
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.0	No

References

https://access.redhat.com/errata/RHSA-2023:0542 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-3962 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2148661 Issue Tracking, Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:0542 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2022-3962 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2148661 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)