PT-2022-5430 · Unknown+3 · Kubernetes+2

Yuval Avrahami · Published 2022-11-10 · Updated 2025-08-08 · CVE-2022-3294

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Kubernetes (affected versions not specified)

Description

A bug in the Kubernetes API server allows bypassing validation of node proxying addresses. This could enable an attacker to send authenticated requests to the API server's private network, potentially granting access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. The issue is related to the node proxying feature, which allows clients to access Kubelet endpoints, establish connections to Pods, and retrieve container logs.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
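
Added example, not part of the original advisory: the description states that a cluster is only affected if an untrusted user can both modify Node objects and send proxy requests to them, so this sketch scans ClusterRole rules for that combination. The role names, the sample data and the verb sets used to represent "modify" and "proxy" are assumptions; the input is assumed to have the shape of `kubectl get clusterroles -o json`.

```python
import json

# Assumption: these verbs stand for "can modify Node objects" / "can send proxy requests".
WRITE_VERBS = {"create", "update", "patch", "*"}
PROXY_VERBS = {"get", "create", "update", "patch", "delete", "*"}

def rule_grants(rule, resource, verbs):
    """True if one RBAC rule grants any of `verbs` on a core-group `resource`."""
    groups = set(rule.get("apiGroups") or [])
    if not groups & {"", "*"}:          # Node objects live in the core ("") API group
        return False
    wanted = {resource, "*"}
    if "/" in resource:                 # RBAC also accepts "*/<subresource>"
        wanted.add("*/" + resource.split("/", 1)[1])
    return bool(wanted & set(rule.get("resources") or [])) and \
           bool(verbs & set(rule.get("verbs") or []))

def exposed_roles(role_list):
    """Names of roles that combine Node write access with nodes/proxy access."""
    flagged = []
    for role in role_list.get("items", []):
        rules = role.get("rules") or []
        can_write = any(rule_grants(r, res, WRITE_VERBS)
                        for r in rules for res in ("nodes", "nodes/status"))
        can_proxy = any(rule_grants(r, "nodes/proxy", PROXY_VERBS) for r in rules)
        if can_write and can_proxy:
            flagged.append(role["metadata"]["name"])
    return flagged

# Constructed sample in the shape of `kubectl get clusterroles -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "log-reader"},
  "rules": [{"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]},
 {"metadata": {"name": "node-operator"},
  "rules": [{"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "patch"]},
            {"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]},
 {"metadata": {"name": "everything"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"metadata": {"name": "apps-admin"},
  "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
 {"metadata": {"name": "status-and-proxy"},
  "rules": [{"apiGroups": [""], "resources": ["nodes/status", "*/proxy"], "verbs": ["update", "get"]}]}
]}
""")

if __name__ == "__main__":
    for name in exposed_roles(SAMPLE):
        print("review bindings of ClusterRole:", name)
```

A flagged role only matters through its bindings, so the subjects bound to each reported role still need to be reviewed; `resourceNames` restrictions are ignored here, which errs toward over-reporting.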

Exploit

Authentication Bypass Using an Alternate Path or Channel

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3314
ALT-PU-2023-1321
ALT-PU-2023-1520
ALT-PU-2023-1529
BDU:2022-06756
CVE-2022-3294
GHSA-JH36-Q97C-9928
GO-2023-1629
OESA-2023-1413
OESA-2023-1414
OESA-2023-1415
OESA-2023-1416
OPENSUSE-SU-2024:12737-1
OPENSUSE-SU-2024:12780-1
OPENSUSE-SU-2024:12781-1
OPENSUSE-SU-2024:12810-1
OPENSUSE-SU-2025:15424-1
SUSE-SU-2023:2292-1

Affected Products

Alt Linux
Kubernetes
Suse