Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2022-3962 | First vendor Publication | 2023-09-23 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 4.3 | ||
| Base Score | 4.3 | Environmental Score | 4.3 |
| impact SubScore | 1.4 | Temporal Score | 4.3 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | Low | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3962 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Sources (Detail)
| Source | Url |
|---|---|
| MISC | https://access.redhat.com/errata/RHSA-2023:0542 https://access.redhat.com/security/cve/CVE-2022-3962 https://bugzilla.redhat.com/show_bug.cgi?id=2148661 |
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:27:53 |
|
| 2023-09-26 21:27:26 |
|
| 2023-09-25 09:27:47 |
|
| 2023-09-24 00:27:58 |
|
