Strix
26.1K

CVE-2022-3962

MEDIUMCVSS 4.3/10EPSS 0.71%

Last modified

CVE-2022-3962 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

Metrics

CVSS 3.1
4.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Probability
0.71%

48.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
KialiKialiAll versions
RedhatOpenshift Service Mesh2.3.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-3962?
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
How severe is CVE-2022-3962?
CVE-2022-3962 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.
How do I fix CVE-2022-3962?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-3962?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST