A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-23T19:00:54.200Z

Updated: 2024-08-03T01:27:53.126Z

Reserved: 2022-11-12T00:20:34.872Z

Link: CVE-2022-3962

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-23T20:15:10.747

Modified: 2024-11-21T07:20:37.480

Link: CVE-2022-3962

cve-icon Redhat

Severity : Low

Publid Date: 2022-11-22T00:00:00Z

Links: CVE-2022-3962 - Bugzilla