Unrated severityNVD Advisory· Published Sep 1, 2022· Updated Aug 3, 2024

CVE-2022-1677

Description

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Affected products

N/A/Openshiftv5
Range: Openshift 3.11 and 4.6 onwards

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2022-1677mitrex_refsource_MISC
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000