CVE-2022-3962

CWE-74 | 6 documents | 5 sources
Severity: 4.3 MEDIUM
EPSS: 0.1% (top 71.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 23 | Latest update Aug 21

Description

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

🔴 Vulnerability Details (4)

OSV: Kiali content spoofing vulnerability in github.com/kiali/kiali (2024-08-21)
CVEList: Kiali: error message spoofing in kiali ui (2023-09-23)
GHSA: Kiali content spoofing vulnerability (2023-09-23)
OSV: Kiali content spoofing vulnerability (2023-09-23)

📋 Vendor Advisories (1)

Red Hat: kiali: error message spoofing in kiali UI (2022-11-22)