6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-3162

GHSA ID

GHSA-2394-5535-8j88

EPSS Score

0.71779%

CWE

CWE-22

Published

3/1/2023

Updated

5/11/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-3162

CVE-2022-3162: Kubernetes vulnerable to path traversal

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-3162

GHSA ID

GHSA-2394-5535-8j88

EPSS Score

0.71779%

CWE

CWE-22

Published

3/1/2023

Updated

5/11/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/kubernetes/kubernetes	go	>= 1.25.0, < 1.25.3	1.25.4
github.com/kubernetes/kubernetes	go	>= 1.24.0, < 1.24.8	1.24.8
github.com/kubernetes/kubernetes	go	>= 1.23.0, < 1.23.14	1.23.14
github.com/kubernetes/kubernetes	go	>= 1.22.0, < 1.22.16	1.22.16

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path validation when handling custom resource requests in the same API group. Key functions in the API server's request handling chain:

The List method in registry/store.go manages storage path resolution for list/watch operations. Without proper resource type validation, it allowed traversal across CRD types.
The getResourceHandler in handlers/get.go processes resource paths. Lack of sanitization for relative path components ('..') enabled unauthorized access to different resource types. Both functions are central to the path resolution mechanism and align with the described CWE-22/CWE-23 path traversal characteristics. The kube-apiserver's custom resource handling architecture and the vulnerability's preconditions strongly implicate these core request processing functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Us*rs *ut*oriz** to list or w*t** on* typ* o* n*m*sp**** *ustom r*sour** *lust*r-wi** **n r*** *ustom r*sour**s o* * *i***r*nt typ* in t** s*m* *PI *roup wit*out *ut*oriz*tion. *lust*rs *r* imp**t** *y t*is vuln*r**ility i* *ll o* t** *ollowin* *r* t

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* v*li**tion w**n **n*lin* *ustom r*sour** r*qu*sts in t** s*m* *PI *roup. K*y *un*tions in t** *PI s*rv*r's r*qu*st **n*lin* ***in: *. T** List m*t*o* in r**istry/stor*.*o m*n***s stor*** p*t* r*solution *or

6.5

Basic Information

Concerned about an active attack path?

CVE-2022-3162: Kubernetes vulnerable to path traversal

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI