CVE-2022-3962
low-risk
Published 2023-09-23
A content spoofing vulnerability was found in Kiali. Kiali does not implement proper error handling when the page or API endpoint being accessed cannot be found: the error response it returns carries text taken from the requested URL instead of a fixed message. An attacker who can get a victim to open a crafted Kiali URL can therefore inject arbitrary text into the error response the victim sees, served under the application's own origin, which is the basis for spoofed notices or instructions. The issue affects integrity only (no code execution or data exposure), which is consistent with the CVSS 4.3 (Medium) rating below.
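The bug class is easiest to see in code. The Go program below is an added illustration and is not Kiali's source or its fix: vulnerableNotFound is a hypothetical handler that echoes the requested path into the 404 body, hardenedNotFound returns a constant message, and reflects is the check a tester would run against either (request a path that does not exist, carrying a marker string, and look for the marker in the response). The request path and marker text are constructed sample input.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Added example, not Kiali's code. It shows the bug class the advisory
// describes (an error response that echoes the requested path) next to a
// handler that does not reflect request data.

// vulnerableNotFound echoes the requested path into the error body. Text the
// attacker places in a crafted link is rendered to the victim as if it were
// the server's own message. Hypothetical handler.
func vulnerableNotFound(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Error: the page %s could not be found.", r.URL.Path)
}

// hardenedNotFound returns a constant body: nothing from the request reaches
// the client. Logging the path server-side is fine; rendering it is not.
// http.Error also sets text/plain and X-Content-Type-Options: nosniff.
func hardenedNotFound(w http.ResponseWriter, r *http.Request) {
	http.Error(w, "404 page not found", http.StatusNotFound)
}

// reflects drives a handler with a request for path and reports the status
// code and whether marker appears in the body, i.e. whether request text
// reaches the response. This is the check to run against a test instance.
func reflects(h http.HandlerFunc, path, marker string) (int, bool) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, path, nil)
	h(rec, req)
	return rec.Code, strings.Contains(rec.Body.String(), marker)
}

func main() {
	// Constructed attacker path: URL-encoded so it is a valid request target;
	// r.URL.Path holds the decoded text.
	target := "/Your%20session%20expired.%20Re-enter%20your%20password%20at%20example.invalid"
	marker := "Re-enter your password at example.invalid"
	handlers := map[string]http.HandlerFunc{
		"vulnerable": vulnerableNotFound,
		"hardened":   hardenedNotFound,
	}
	for name, h := range handlers {
		code, hit := reflects(h, target, marker)
		fmt.Printf("%-10s status=%d attacker text in body=%v\n", name, code, hit)
	}
}
```

Note that a text/plain content type with nosniff stops the browser from rendering injected HTML, but it does not stop content spoofing: the injected sentence is still displayed as the application's own message. The fix is to stop reflecting the request, not to adjust headers.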
Do I need to act?
EPSS: 0.11% chance of exploitation (low exploit probability)
CISA KEV: not listed; no confirmed active exploitation has been reported to CISA
Patch status: not determined by this page. The Red Hat security advisory RHSA-2023:0542 under References is the vendor erratum for this CVE; check it for fix availability and mitigation guidance
CVSS: 4.3/10 (Medium), attack vector NETWORK, attack complexity LOW
Affected Products (2)
Kiali
References (3)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:0542
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-3962
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2148661
Risk score: 25/100 (low-risk)
Severity: 18/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 7/34 · Low