CVE-2022-1677


In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.


Published: 2022-09-01T21:15:09.007

Last Modified: 2024-11-21T06:41:14.017

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-400
  • Type: Secondary
    NVD-CWE-noinfo

Affected Vendors & Products
Type         Vendor  Product                       Version/Range  Vulnerable?
Application  redhat  openshift_container_platform  3.11           Yes
Application  redhat  openshift_container_platform  4.6            Yes
Application  redhat  openshift_container_platform  4.7            Yes
Application  redhat  openshift_container_platform  4.8            Yes
Application  redhat  openshift_container_platform  4.9            Yes
Application  redhat  openshift_container_platform  4.10           Yes
