CVE-2022-1677

EUVD-2022-24963
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.6
redhatopenshift_container_platform
4.7
redhatopenshift_container_platform
4.8
redhatopenshift_container_platform
4.9
redhatopenshift_container_platform
4.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2022-1677
https://bugzilla.redhat.com/show_bug.cgi?id=2076211
https://access.redhat.com/security/cve/CVE-2022-1677
https://bugzilla.redhat.com/show_bug.cgi?id=2076211