CVE-2022-3294

Node address isn't always verified when proxying

Description

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be redirected to the API server's private network.

Remediation

Workaround:

  • Configuring an egress proxy for egress to the cluster network can mitigate this vulnerability.

Details

CVSS 3.1 base score: 6.6 (Severity: Medium)
EPSS: 0.47%
Vendor advisory: github.com
Affected: Kubernetes (vendor: Kubernetes)

Frequently Asked Questions

What is the severity of CVE-2022-3294?
CVE-2022-3294 has been scored as a medium severity vulnerability.
How to fix CVE-2022-3294?
As a workaround for remediating CVE-2022-3294: configuring an egress proxy for egress to the cluster network can mitigate this vulnerability.
Is CVE-2022-3294 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2022-3294 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-3294?
CVE-2022-3294 affects Kubernetes (vendor: Kubernetes).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.