CVE-2022-3294
published 2023-03-01CVE-2022-3294: Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and…
PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.62%
73.0th percentile
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.20.5+really1.20.2-1 (bookworm) | kubernetes 1.20.5+really1.20.2-1 (bookworm) |
| github.com | kubernetes_kubernetes | >= 1.22.0 < 1.22.16 | 1.22.16 |
| github.com | kubernetes_kubernetes | >= 1.23.0 < 1.23.14 | 1.23.14 |
| github.com | kubernetes_kubernetes | >= 1.24.0 < 1.24.8 | 1.24.8 |
| github.com | kubernetes_kubernetes | >= 1.25.0 < 1.25.4 | 1.25.4 |
| k8s.io | kubernetes | >= 1.22.0 < 1.22.16 | 1.22.16 |
| k8s.io | kubernetes | >= 1.23.0 < 1.23.14 | 1.23.14 |
| k8s.io | kubernetes | >= 1.24.0 < 1.24.8 | 1.24.8 |
| k8s.io | kubernetes | >= 1.25.0 < 1.25.4 | 1.25.4 |
| kubernetes | kubernetes | < 1.22.16 | 1.22.16 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 1.23.0 < 1.23.14 | 1.23.14 |
| kubernetes | kubernetes | >= 1.24.0 < 1.24.8 | 1.24.8 |
| kubernetes | kubernetes | >= 1.25.0 < 1.25.4 | 1.25.4 |
| kubernetes | kubernetes | unspecified – v1.25.3 | — |
| msrc | cbl2_k3s_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian6.6MEDIUM
vendor_msrc6.6MEDIUM
vendor_redhat6.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SCALANCE XCM-/XRM-300
cisa_ics·2024-02-15
Siemens SCALANCE XCM-/XRM-300
ICS Advisory
##
Siemens SCALANCE XCM-/XRM-300
Release DateFebruary 15, 2024
Alert CodeICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Microsoft
Node address isn't always verified when proxying
vendor_msrc·2023-03-14·CVSS 6.6
CVE-2022-3294 [MEDIUM] CWE-20 Node address isn't always verified when proxying
Node address isn't always verified when proxying
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
kubernetes: kubernetes
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://le
Red Hat
kubernetes: node address isn't always verified when proxying
vendor_redhat·2022-11-10·CVSS 6.6
CVE-2022-3294 [MEDIUM] CWE-288 kubernetes: node address isn't always verified when proxying
kubernetes: node address isn't always verified when proxying
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernet
Debian
CVE-2022-3294: kubernetes - Users may have access to secure endpoints in the control plane network. Kubernet...
vendor_debian·2022·CVSS 6.6
CVE-2022-3294 [MEDIUM] CVE-2022-3294: kubernetes - Users may have access to secure endpoints in the control plane network. Kubernet...
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
Scope: local
bookworm: resolved (fixed in 1.20.5+really1.20.2-1)
bullseye: resolved (fixed in 1.20.5+really1.20.2-1)
forky: resolved (fixed in 1.20.5+really1.20.2-1)
sid: resolved (
OSV
Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
osv·2024-08-20
CVE-2022-3294 Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
OSV
CVE-2022-3294: Users may have access to secure endpoints in the control plane network
osv·2023-03-01·CVSS 8.8
CVE-2022-3294 [HIGH] CVE-2022-3294: Users may have access to secure endpoints in the control plane network
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
OSV
Kubernetes vulnerable to validation bypass
osv·2023-03-01
CVE-2022-3294 [HIGH] Kubernetes vulnerable to validation bypass
Kubernetes vulnerable to validation bypass
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
GHSA
Kubernetes vulnerable to validation bypass
ghsa·2023-03-01
CVE-2022-3294 [HIGH] CWE-20 Kubernetes vulnerable to validation bypass
Kubernetes vulnerable to validation bypass
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/kubernetes/kubernetes/issues/113757https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbAhttps://security.netapp.com/advisory/ntap-20230505-0007/https://github.com/kubernetes/kubernetes/issues/113757https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbAhttps://security.netapp.com/advisory/ntap-20230505-0007/
2023-03-01
Published