Vulnerability Description
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kiali | Kiali | - |
| Redhat | Openshift Service Mesh | 2.3.1 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:0542Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2022-3962Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2148661Issue TrackingThird Party Advisory
- https://access.redhat.com/errata/RHSA-2023:0542Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2022-3962Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2148661Issue TrackingThird Party Advisory
FAQ
What is CVE-2022-3962?
CVE-2022-3962 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attac...
How severe is CVE-2022-3962?
CVE-2022-3962 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3962?
Check the references section above for vendor advisories and patch information. Affected products include: Kiali Kiali, Redhat Openshift Service Mesh, Redhat Enterprise Linux, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Little Endian Eus.