CVE-2022-1677

CVE Database · CVE-2022-1677

CVE-2022-1677

· MEDIUMModified

CVSS v3.1

6.3

EPSS

0.48%

Published

Sep 1, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-400

Affected Products (6)

redhat · openshift_container_platformvulnerable

References (4)

https://access.redhat.com/security/cve/CVE-2022-1677

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2076211

Issue TrackingPatchVendor Advisory

https://access.redhat.com/security/cve/CVE-2022-1677

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2076211

Issue TrackingPatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs