CVE-2022-4145 — Injection in Redhat Openshift Container Platform

CWE-74 — Injection4 documents4 sources

Severity

5.3MEDIUMNVD

CNA4.3

EPSS

0.1%

top 76.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openshift Container Platform

Timeline

PublishedOct 5

Description

A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages0 packages

Also affects: Openshift Container Platform 4.0

🔴Vulnerability Details

CVEList

Content spoofing↗2023-10-05

▶

GHSA

GHSA-wjx7-c5qx-88jp: A content spoofing flaw was found in OpenShift's OAuth endpoint↗2023-10-05

▶

📋Vendor Advisories

Red Hat

openshift: content spoofing↗2022-11-22

▶