In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2076211 | Issue Tracking Patch Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2022-1677 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-09-01 14:15
Updated : 2023-02-12 14:15
NVD link : CVE-2022-1677
Mitre link : CVE-2022-1677
JSON object : View
CWE
CWE-400
Uncontrolled Resource Consumption
Products Affected
redhat
- openshift_container_platform