CGA-x2wv-7p28-8wfg

Published

Last updated

https://images.chainguard.dev/security/CGA-x2wv-7p28-8wfg

Package

kiali

Latest Update

Not affected

Aliases

CVE-2022-3962
GHSA-6f4m-j56w-55c3

Severity

4.3

Medium

CVSS V3

Summary

Kiali content spoofing vulnerability

Description

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-3962
https://github.com/advisories/GHSA-6f4m-j56w-55c3
https://github.com/kiali/kiali/commit/aab7694f850f04d7fd875fac5f720a93ccdf01ad
https://access.redhat.com/errata/RHSA-2023:0542
https://access.redhat.com/security/cve/CVE-2022-3962
https://bugzilla.redhat.com/show_bug.cgi?id=2148661
https://github.com/kiali/kiali
https://issues.redhat.com/browse/OSSM-2251?attachmentViewMode=list

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-x2wv-7p28-8wfg

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources