← Back

CVE-2022-1677

nvd nist
Published: Sep 1, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 / Impact: 3.4
Source: NVD

Description

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Affected (6)

Redhat
1 product
Openshift Container Platform
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Openshift Container Platform
Version 3.11
Openshift Container Platform
Version 4.10
Openshift Container Platform
Version 4.6
Openshift Container Platform
Version 4.7
Openshift Container Platform
Version 4.8
Openshift Container Platform
Version 4.9

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory

Timeline

No history available yet.