CVE-2022-3962

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-3962

CGA ID

CGA-x2wv-7p28-8wfg

Severity

Unknown

Summary

Kiali content spoofing vulnerability

Description

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

References

https://images.chainguard.dev/security/CGA-x2wv-7p28-8wfg
https://github.com/advisories/GHSA-6f4m-j56w-55c3
https://nvd.nist.gov/vuln/detail/CVE-2022-3962
https://github.com/kiali/kiali/commit/aab7694f850f04d7fd875fac5f720a93ccdf01ad
https://access.redhat.com/errata/RHSA-2023:0542
https://access.redhat.com/security/cve/CVE-2022-3962
https://bugzilla.redhat.com/show_bug.cgi?id=2148661
https://github.com/kiali/kiali
https://issues.redhat.com/browse/OSSM-2251?attachmentViewMode=list

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-3962

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources