Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-1677

UNKNOWN
Published 2022-09-01T19:51:43
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-1677. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-qq85-wpwr-7p33

Advisory Details

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-1677
WEB https://access.redhat.com/errata/RHBA-2022:1690
WEB https://access.redhat.com/errata/RHSA-2022:2264
WEB https://access.redhat.com/errata/RHSA-2022:2268
WEB https://access.redhat.com/errata/RHSA-2022:2272
WEB https://access.redhat.com/errata/RHSA-2022:2281
WEB https://access.redhat.com/errata/RHSA-2022:2283
WEB https://access.redhat.com/security/cve/CVE-2022-1677
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2076211

Advisory provided by GitHub Security Advisory Database. Published: September 2, 2022, Modified: September 9, 2022

References

https://bugzilla.redhat.com/show_bug.cgi?id=2076211
https://access.redhat.com/security/cve/CVE-2022-1677
Published: 2022-09-01T19:51:43
Last Modified: 2024-08-03T00:10:03.820Z
Copied to clipboard!