{"id":"CVE-2022-3162","summary":"Unauthorized read of Custom Resources","details":"Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.","aliases":["GHSA-2394-5535-8j88","GO-2023-1628"],"modified":"2026-05-18T05:55:46.000469913Z","published":"2023-03-01T00:00:00Z","related":["SUSE-SU-2023:2292-1","openSUSE-SU-2024:12781-1","openSUSE-SU-2024:12810-1","openSUSE-SU-2025:15424-1"],"database_specific":{"cna_assigner":"kubernetes","cwe_ids":["CWE-23"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3162.json"},"references":[{"type":"WEB","url":"https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3162.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3162"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230511-0004/"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/113756"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubelet","events":[{"introduced":"0"},{"last_affected":"254eabfe0e9fbe17c214094a694d660df0817cc0"},{"introduced":"b1292eb3207057f0274a51330ba8d612f4faadd6"},{"last_affected":"69dfb18d15a9911ea7c84710175b79efa945025e"},{"introduced":"dfb3e7ad852bb4bddb790a705c185cef198c2823"},{"last_affected":"df95cb551f35b0486833b1c5a232052ca75c877f"},{"introduced":"d37f045d808033445aaa284ad80454c948b37958"},{"last_affected":"34208c3e83ddc4ce4ed4d9142e09447eb167086a"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.22.15"},{"introduced":"1.23.0"},{"last_affected":"1.23.13"},{"introduced":"1.24.0"},{"last_affected":"1.24.7"},{"introduced":"1.25.0"},{"last_affected":"1.25.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*"}}],"versions":["v0.25.3","kubernetes-1.25.3","v0.24.7","kubernetes-1.24.7","v0.23.13","kubernetes-1.23.13","v0.22.15","kubernetes-1.22.15","kubernetes-1.9.0-alpha.3","kubernetes-1.9.0-alpha.2","kubernetes-1.9.0-alpha.1","kubernetes-1.9.0-alpha.0","kubernetes-1.13.0-alpha.0","kubernetes-1.12.0-beta.0","kubernetes-1.12.0-alpha.1","kubernetes-1.12.0-alpha.0","kubernetes-1.11.0-alpha.2","kubernetes-1.11.0-alpha.1","kubernetes-1.11.0-alpha.0","kubernetes-1.10.0-alpha.3","kubernetes-1.10.0-alpha.2","kubernetes-1.10.0-alpha.1","kubernetes-1.10.0-alpha.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3162.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"0"},{"last_affected":"1d79bc3bcccfba7466c44cc2055d6e7442e140ea"},{"introduced":"ab69524f795c42094a6630298ff53f3c3ebab7f4"},{"last_affected":"592eca05be27f7d927d0b25cbb4241d75a9574bf"},{"introduced":"4ce5a8954017644c5420bae81d72b09b735c21f0"},{"last_affected":"e6f35974b08862a23e7f4aad8e5d7f7f2de26c15"},{"introduced":"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2"},{"last_affected":"434bfd82814af038ad94d62ebe59b133fcb50506"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.22.15"},{"introduced":"1.23.0"},{"last_affected":"1.23.13"},{"introduced":"1.24.0"},{"last_affected":"1.24.7"},{"introduced":"1.25.0"},{"last_affected":"1.25.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*"}}],"versions":["v1.23.13","v1.24.7","v1.25.3","v1.25.3-rc.0","v1.25.2","v1.24.7-rc.0","v1.23.13-rc.0","v1.24.6","v1.23.12","v1.22.15","v1.22.15-rc.0","v1.22.14","v1.25.2-rc.0","v1.25.1","v1.23.12-rc.0","v1.24.6-rc.0","v1.24.5","v1.23.11","v1.25.1-rc.0","v1.25.0","v1.24.5-rc.0","v1.23.11-rc.0","v1.22.14-rc.0","v1.24.4","v1.23.10","v1.22.13","v1.22.13-rc.0","v1.24.4-rc.0","v1.23.10-rc.0","v1.22.12","v1.24.3","v1.23.9","v1.23.9-rc.0","v1.22.12-rc.0","v1.23.8","v1.22.11","v1.24.3-rc.0","v1.24.2","v1.22.11-rc.0","v1.23.8-rc.0","v1.24.2-rc.0","v1.22.10","v1.23.7","v1.24.1","v1.24.1-rc.0","v1.24.0","v1.23.7-rc.0","v1.23.6","v1.22.10-rc.0","v1.22.9","v1.23.6-rc.0","v1.23.5","v1.22.9-rc.0","v1.22.8","v1.23.5-rc.0","v1.22.8-rc.0","v1.23.4","v1.22.7","v1.23.4-rc.0","v1.23.3","v1.23.3-rc.0","v1.22.7-rc.0","v1.23.2","v1.22.6","v1.23.2-rc.0","v1.23.1","v1.22.6-rc.0","v1.22.5","v1.23.1-rc.0","v1.23.0","v1.22.5-rc.0","v1.22.4","v1.22.4-rc.0","v1.22.3","v1.22.3-rc.0","v1.22.2","v1.22.2-rc.0","v1.22.1","v1.22.1-rc.0","v1.22.0","v1.22.0-rc.0","v1.23.0-alpha.0","v1.22.0-beta.2","v1.22.0-beta.1","v1.22.0-beta.0","v1.22.0-alpha.3","v1.22.0-alpha.2","v1.22.0-alpha.1","v1.22.0-alpha.0","v1.21.0-beta.1","v1.21.0-beta.0","v1.21.0-alpha.3","v1.21.0-alpha.2","v1.21.0-alpha.1","v1.21.0-alpha.0","v1.20.0-beta.2","v1.20.0-beta.1","v1.20.0-beta.0","v1.20.0-alpha.3","v1.20.0-alpha.2","v1.20.0-alpha.1","v1.20.0-alpha.0","v1.19.0-beta.2","v1.19.0-beta.1","v1.19.0-beta.0","v1.19.0-alpha.3","v1.19.0-alpha.2","v1.19.0-alpha.1","v1.19.0-alpha.0","v1.18.0-alpha.5","v1.18.0-alpha.4","v1.18.0-alpha.2","v1.18.0-alpha.1","v1.18.0-alpha.0","v1.17.0-alpha.3","v1.17.0-alpha.1","v1.17.0-alpha.2","v1.17.0-alpha.0","v1.16.0-alpha.3","v1.16.0-alpha.2","v1.16.0-alpha.1","v1.16.0-alpha.0","v1.15.0-alpha.3","v1.15.0-alpha.2","v1.15.0-alpha.1","v1.14.0-alpha.3","v1.15.0-alpha.0","v1.14.0-alpha.2","v1.14.0-alpha.1","v1.14.0-alpha.0","v1.13.0-alpha.3","v1.13.0-alpha.2","v1.13.0-alpha.1","v1.13.0-alpha.0","v1.12.0-alpha.1","v1.12.0-alpha.0","v1.11.0-alpha.2","v1.11.0-alpha.1","v1.11.0-alpha.0","v1.10.0-alpha.3","v1.10.0-alpha.2","v1.10.0-alpha.1","v1.9.0-alpha.3","v1.10.0-alpha.0","v1.9.0-alpha.2","v1.9.0-alpha.1","v1.9.0-alpha.0","v1.8.0-alpha.3","v1.8.0-alpha.2","v1.8.0-alpha.0","v1.8.0-alpha.1","v1.7.0-alpha.4","v1.7.0-alpha.3","v1.7.0-alpha.2","v1.7.0-alpha.1","v1.7.0-alpha.0","v1.6.0-alpha.3","v1.6.0-alpha.2","v1.6.0-alpha.1","v1.6.0-alpha.0","v1.5.0-alpha.2","v1.5.0-alpha.1","v1.5.0-alpha.0","v1.4.0-alpha.3","v1.4.0-alpha.1","v1.4.0-alpha.2","v1.3.0-alpha.5","v1.3.0-alpha.4","v1.3.0-alpha.3","v1.3.0-alpha.1","v1.3.0-alpha.2","v1.3.0-alpha.0","v1.2.0-alpha.8","v1.2.0-alpha.7","v1.2.0-alpha.6","v1.2.0-alpha.5","v1.2.0-alpha.4","v1.2.0-alpha.3","v1.2.0-alpha.2","v1.2.0-alpha.1","v1.1.0-alpha.1","v1.1.0-alpha.0","v0.17.0","v0.13.1-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3162.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}