Oval Definition:oval:org.opensuse.security:def:20223162
Revision Date:2023-06-22Version:1
Title:CVE-2022-3162
Description:

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-3162
SUSE CVE-2022-3162
SUSE-SU-2023:2292-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Containers 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Containers 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • kubernetes1.23-client-1.23.17-150500.1.3 is installed
  • OR kubernetes1.23-client-common-1.23.17-150500.1.3 is installed
  • OR kubernetes1.24-client-1.24.13-150500.1.3 is installed
  • OR kubernetes1.24-client-common-1.24.13-150500.1.3 is installed
    • BACK