Lucene search

Redhat.comRH:CVE-2022-3248

HistoryOct 05, 2023 - 12:54 p.m.

CVE-2022-3248

2023-10-0512:54:36

redhat.com

access.redhat.com

openshift api

admission checks

attacker

permissions

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

A flaw was found in OpenShift API, as admission checks do not enforce “custom-host” permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.

References

bugzilla.redhat.com/show_bug.cgi?id=2072188

nvd.nist.gov/vuln/detail/CVE-2022-3248

www.cve.org/CVERecord?id=CVE-2022-3248

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for RH:CVE-2022-3248