CVE-2022-3962
MEDIUM
Kiali < 1.57.4 - Content Spoofing via Error Page Text Injection
Title source: llm
Description
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
References (3)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:0542
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2022-3962
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2148661
Scores
CVSS v3
4.3
EPSS
0.0011
EPSS Percentile
28.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-74
Status
published
Products (3)
kiali/kiali
kiali/kiali
0 - 1.57.4 Go
redhat/openshift_service_mesh
2.3.1
Published
Sep 23, 2023
Tracked Since
Feb 18, 2026