C-0089 - CVE-2022-3172-aggregated-API-server-redirect

CVE-2022-3172-aggregated-API-server-redirect

Framework

ArmoBest

Severity

Low

Description of the issue

kube-apiserver allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Related resources

APIService

What does this control test

Lists aggregated API server services that could potentially be used to redirect client traffic to any URL if the kube-apiserver is vulnerable to CVE-2022-3172.

Remediation

Upgrade Kubernetes to one of the following versions (or a higher patch release): v1.25.1, v1.24.5, v1.23.11, v1.22.14.

Example
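
The following is an added example, not Kubescape's own rule code: a Python approximation of the check described above, which compares the kube-apiserver version against the fixed releases from the Remediation section and, on a vulnerable server, lists the APIService objects backed by a Service. The function names, the sample data, and the handling of release lines outside 1.22 to 1.25 are assumptions.

```python
import re

# First fixed patch per minor release line, as listed in the Remediation section.
FIXED_PATCH = {(1, 25): 1, (1, 24): 5, (1, 23): 11, (1, 22): 14}


def is_vulnerable(git_version):
    """Return True if the kube-apiserver version predates the fixed releases."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", git_version)
    if not m:
        raise ValueError(f"unrecognised version string: {git_version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    # Assumption: release lines older than 1.22 have no fixed patch listed on
    # the page, so they are reported; lines newer than 1.25 are treated as fixed.
    return (major, minor) < (1, 22)


def aggregated_apiservices(apiservice_list):
    """Return the APIServices that are served by an aggregated API server."""
    found = []
    for item in apiservice_list.get("items", []):
        svc = (item.get("spec") or {}).get("service")
        if svc:  # built-in (local) APIServices have no spec.service
            name = item["metadata"]["name"]
            found.append(f'{name} -> {svc.get("namespace")}/{svc.get("name")}')
    return found


def check(git_version, apiservice_list):
    """List aggregated APIServices only when the server version is vulnerable."""
    return aggregated_apiservices(apiservice_list) if is_vulnerable(git_version) else []


# Constructed sample in the shape of `kubectl get apiservices -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "v1.apps"}, "spec": {"group": "apps", "version": "v1"}},
    {"metadata": {"name": "v1beta1.metrics.k8s.io"},
     "spec": {"service": {"namespace": "kube-system", "name": "metrics-server"}}},
]}

if __name__ == "__main__":
    # Version strings as reported in serverVersion.gitVersion (constructed values).
    for version in ("v1.24.4", "v1.24.5", "v1.23.10+k3s1"):
        print(version, check(version, SAMPLE))
```

Each reported entry names an aggregated API server whose trustworthiness should be reviewed until the cluster is upgraded.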

