CVE-2022-1677

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2076211 Issue Tracking Patch Vendor Advisory
https://access.redhat.com/security/cve/CVE-2022-1677 Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*

Information

Published : 2022-09-01 14:15

Updated : 2023-02-12 14:15


NVD link : CVE-2022-1677

Mitre link : CVE-2022-1677


JSON object : View

CWE
CWE-400

Uncontrolled Resource Consumption

Advertisement

dedicated server usa

Products Affected

redhat

  • openshift_container_platform