Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)
CVE-2022-3172
8.2 HIGH
What is CVE-2022-3172?
A security issue in kube-apiserver allows an aggregated API server to redirect client traffic to unauthorized URLs. A redirected client may unknowingly perform unintended actions, and its API server credentials could be exposed to malicious third parties. Users are advised to review and update their systems to mitigate potential exploitation.
Affected Version(s)
kube-apiserver v1.25.0
kube-apiserver v1.24.0
kube-apiserver v1.23.0