PT-2022-5431 · Unknown+3 · Kubernetes+2

Richard Turnbull · Published 2022-11-10 · Updated 2025-08-08 · CVE-2022-3162

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Kubernetes (affected versions not specified)

Description

The issue is related to insufficient access control in Kubernetes, allowing users authorized to list or watch one type of namespaced custom resource cluster-wide to read custom resources of a different type in the same API group without authorization. This affects clusters with 2+ CustomResourceDefinitions sharing the same API group, where users have cluster-wide list or watch authorization on one custom resource but not on another in the same API group.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
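
To check whether a cluster matches the condition in the description, the audit below flags roles that grant list or watch on some, but not all, namespaced custom resources in a shared API group. It is an added example, not code from the advisory or from Kubernetes; the CRD and role data are constructed, the function names are hypothetical, and each role is assumed to be bound cluster-wide through a ClusterRoleBinding.

```python
from collections import defaultdict

# Constructed sample data (not from a real cluster). In practice these would be
# reduced from `kubectl get crd -o json` and `kubectl get clusterrole -o json`.
CRDS = [
    {"group": "example.test", "plural": "widgets", "scope": "Namespaced"},
    {"group": "example.test", "plural": "secretconfigs", "scope": "Namespaced"},
    {"group": "solo.test", "plural": "gadgets", "scope": "Namespaced"},
]
# Assumption: every role here is bound with a ClusterRoleBinding (cluster-wide).
CLUSTER_ROLES = {
    "widget-viewer": [{"apiGroups": ["example.test"], "resources": ["widgets"], "verbs": ["get", "list"]}],
    "group-admin": [{"apiGroups": ["example.test"], "resources": ["*"], "verbs": ["*"]}],
    "gadget-watcher": [{"apiGroups": ["solo.test"], "resources": ["gadgets"], "verbs": ["watch"]}],
}

def shared_groups(crds):
    """Map API group -> namespaced CR plurals, keeping only groups with 2+ CRDs."""
    groups = defaultdict(set)
    for crd in crds:
        if crd["scope"] == "Namespaced":
            groups[crd["group"]].add(crd["plural"])
    return {g: r for g, r in groups.items() if len(r) >= 2}

def listable(rules, group, resource):
    """True if any rule grants list or watch on group/resource (wildcards honoured)."""
    for rule in rules:
        if not ({group, "*"} & set(rule.get("apiGroups", []))):
            continue
        if not ({resource, "*"} & set(rule.get("resources", []))):
            continue
        if {"list", "watch", "*"} & set(rule.get("verbs", [])):
            return True
    return False

def exposed_roles(crds, roles):
    """Return (role, group, authorized, unauthorized) tuples matching the advisory's condition."""
    findings = []
    for group, resources in sorted(shared_groups(crds).items()):
        for name, rules in sorted(roles.items()):
            allowed = {r for r in resources if listable(rules, group, r)}
            denied = resources - allowed
            if allowed and denied:  # partial access within a shared group
                findings.append((name, group, sorted(allowed), sorted(denied)))
    return findings

if __name__ == "__main__":
    for finding in exposed_roles(CRDS, CLUSTER_ROLES):
        print(finding)
```

A flagged role means its holders could read the resource types in the last column on an affected version. Subjects holding several roles need their rules merged before the check.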

Weakness Enumeration

Improper Access Control
Path traversal
Relative Path Traversal

Related Identifiers

ALT-PU-2022-3314
ALT-PU-2023-1321
ALT-PU-2023-1520
ALT-PU-2023-1529
AZL-13780
AZL-13781
AZL-13782
AZL-13783
AZL-25938
AZL-31287
AZL-34838
BDU:2022-06757
CVE-2022-3162
GHSA-2394-5535-8J88
GO-2023-1628
OESA-2023-1413
OESA-2023-1414
OESA-2023-1415
OESA-2023-1416
OPENSUSE-SU-2024:12781-1
OPENSUSE-SU-2024:12810-1
OPENSUSE-SU-2025:15424-1
RHSA-2022:7398
RHSA-2023:0772
SUSE-SU-2023:2292-1

Affected Products

Alt Linux
Kubernetes
Suse