CVE-2022-1677

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
References
Link Resource
https://access.redhat.com/security/cve/CVE-2022-1677 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2076211 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-01 21:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-1677

Mitre link : CVE-2022-1677

CVE.ORG link : CVE-2022-1677


JSON object : View

Products Affected

redhat

  • openshift_container_platform
CWE
CWE-400

Uncontrolled Resource Consumption

NVD-CWE-noinfo