{"id":"CVE-2022-3162","details":"Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.","aliases":["GHSA-2394-5535-8j88","GO-2023-1628"],"modified":"2026-04-10T04:47:57.178497Z","published":"2023-03-01T19:15:25.457Z","related":["SUSE-SU-2023:2292-1","openSUSE-SU-2024:12781-1","openSUSE-SU-2024:12810-1","openSUSE-SU-2025:15424-1"],"references":[{"type":"ADVISORY","url":"https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230511-0004/"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/113756"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"0"},{"last_affected":"1d79bc3bcccfba7466c44cc2055d6e7442e140ea"},{"introduced":"ab69524f795c42094a6630298ff53f3c3ebab7f4"},{"last_affected":"592eca05be27f7d927d0b25cbb4241d75a9574bf"},{"introduced":"4ce5a8954017644c5420bae81d72b09b735c21f0"},{"last_affected":"e6f35974b08862a23e7f4aad8e5d7f7f2de26c15"},{"introduced":"a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2"},{"last_affected":"434bfd82814af038ad94d62ebe59b133fcb50506"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.22.15"},{"introduced":"1.23.0"},{"last_affected":"1.23.13"},{"introduced":"1.24.0"},{"last_affected":"1.24.7"},{"introduced":"1.25.0"},{"last_affected":"1.25.3"}]}}],"versions":["v0.13.1-dev","v0.17.0","v1.1.0-alpha.0","v1.1.0-alpha.1","v1.10.0-alpha.0","v1.10.0-alpha.1","v1.10.0-alpha.2","v1.10.0-alpha.3","v1.11.0-alpha.0","v1.11.0-alpha.1","v1.11.0-alpha.2","v1.12.0-alpha.0","v1.12.0-alpha.1","v1.13.0-alpha.0","v1.13.0-alpha.1","v1.13.0-alpha.2","v1.13.0-alpha.3","v1.14.0-alpha.0","v1.14.0-alpha.1","v1.14.0-alpha.2","v1.14.0-alpha.3","v1.15.0-alpha.0","v1.15.0-alpha.1","v1.15.0-alpha.2","v1.15.0-alpha.3","v1.16.0-alpha.0","v1.16.0-alpha.1","v1.16.0-alpha.2","v1.16.0-alpha.3","v1.17.0-alpha.0","v1.17.0-alpha.1","v1.17.0-alpha.2","v1.17.0-alpha.3","v1.18.0-alpha.0","v1.18.0-alpha.1","v1.18.0-alpha.2","v1.18.0-alpha.4","v1.18.0-alpha.5","v1.19.0-alpha.0","v1.19.0-alpha.1","v1.19.0-alpha.2","v1.19.0-alpha.3","v1.19.0-beta.0","v1.19.0-beta.1","v1.19.0-beta.2","v1.2.0-alpha.1","v1.2.0-alpha.2","v1.2.0-alpha.3","v1.2.0-alpha.4","v1.2.0-alpha.5","v1.2.0-alpha.6","v1.2.0-alpha.7","v1.2.0-alpha.8","v1.20.0-alpha.0","v1.20.0-alpha.1","v1.20.0-alpha.2","v1.20.0-alpha.3","v1.20.0-beta.0","v1.20.0-beta.1","v1.20.0-beta.2","v1.21.0-alpha.0","v1.21.0-alpha.1","v1.21.0-alpha.2","v1.21.0-alpha.3","v1.21.0-beta.0","v1.21.0-beta.1","v1.22.0","v1.22.0-alpha.0","v1.22.0-alpha.1","v1.22.0-alpha.2","v1.22.0-alpha.3","v1.22.0-beta.0","v1.22.0-beta.1","v1.22.0-beta.2","v1.22.0-rc.0","v1.22.1","v1.22.1-rc.0","v1.22.10","v1.22.10-rc.0","v1.22.11","v1.22.11-rc.0","v1.22.12","v1.22.12-rc.0","v1.22.13","v1.22.13-rc.0","v1.22.14","v1.22.14-rc.0","v1.22.15","v1.22.15-rc.0","v1.22.2","v1.22.2-rc.0","v1.22.3","v1.22.3-rc.0","v1.22.4","v1.22.4-rc.0","v1.22.5","v1.22.5-rc.0","v1.22.6","v1.22.6-rc.0","v1.22.7","v1.22.7-rc.0","v1.22.8","v1.22.8-rc.0","v1.22.9","v1.22.9-rc.0","v1.23.0","v1.23.0-alpha.0","v1.23.1","v1.23.1-rc.0","v1.23.10","v1.23.10-rc.0","v1.23.11","v1.23.11-rc.0","v1.23.12","v1.23.12-rc.0","v1.23.13","v1.23.13-rc.0","v1.23.2","v1.23.2-rc.0","v1.23.3","v1.23.3-rc.0","v1.23.4","v1.23.4-rc.0","v1.23.5","v1.23.5-rc.0","v1.23.6","v1.23.6-rc.0","v1.23.7","v1.23.7-rc.0","v1.23.8","v1.23.8-rc.0","v1.23.9","v1.23.9-rc.0","v1.24.0","v1.24.1","v1.24.1-rc.0","v1.24.2","v1.24.2-rc.0","v1.24.3","v1.24.3-rc.0","v1.24.4","v1.24.4-rc.0","v1.24.5","v1.24.5-rc.0","v1.24.6","v1.24.6-rc.0","v1.24.7","v1.24.7-rc.0","v1.25.0","v1.25.1","v1.25.1-rc.0","v1.25.2","v1.25.2-rc.0","v1.25.3","v1.25.3-rc.0","v1.3.0-alpha.0","v1.3.0-alpha.1","v1.3.0-alpha.2","v1.3.0-alpha.3","v1.3.0-alpha.4","v1.3.0-alpha.5","v1.4.0-alpha.1","v1.4.0-alpha.2","v1.4.0-alpha.3","v1.5.0-alpha.0","v1.5.0-alpha.1","v1.5.0-alpha.2","v1.6.0-alpha.0","v1.6.0-alpha.1","v1.6.0-alpha.2","v1.6.0-alpha.3","v1.7.0-alpha.0","v1.7.0-alpha.1","v1.7.0-alpha.2","v1.7.0-alpha.3","v1.7.0-alpha.4","v1.8.0-alpha.0","v1.8.0-alpha.1","v1.8.0-alpha.2","v1.8.0-alpha.3","v1.9.0-alpha.0","v1.9.0-alpha.1","v1.9.0-alpha.2","v1.9.0-alpha.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3162.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}