CVE-2022-3962 Vulnerability Details

CVE-2022-3962 Metadata Quick Info

CVE Published: 23/09/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: redhat | Vendor: Red Hat | Product: Red Hat OpenShift Service Mesh 2.3 for RHEL 8
Status: PUBLISHED

CVE-2022-3962 Description

A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-74
CWE Name: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).