Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-3962
CVE-2022-3962:
Wolfi vulnerability analysis and mitigation
Overview
A content spoofing vulnerability (CVE-2022-3962) was discovered in Kiali, a component of Red Hat OpenShift Service Mesh. The vulnerability was found in the Kiali UI where the application does not implement proper error handling when accessing unavailable pages or endpoints (Red Hat Advisory, NVD).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue is classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component). The vulnerability affects Kiali when error responses are retrieved from accessed URLs (NVD).
Impact
This vulnerability allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. The impact is limited to content spoofing in the Kiali UI (Red Hat Advisory).
Mitigation and workarounds
The vulnerability has been fixed in Red Hat OpenShift Service Mesh 2.3.1. Users are advised to update to this version through the security advisory RHSA-2023:0542 (Red Hat Advisory).
Additional resources
Source: This report was generated using AI
Related Wolfi vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management