CVE-2022-2837
Description
A flaw was found in CoreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CoreDNS flaw allows malicious users to redirect DNS traffic for top-level domains to attacker-controlled pods via namespace creation.
Vulnerability Description
A flaw in CoreDNS, a DNS server/forwarder, allows a malicious user to redirect traffic intended for external top-level domains (TLDs) to a pod they control. This is achieved by creating projects and namespaces that match the TLD. The vulnerability arises from how CoreDNS handles DNS queries for external domains when integrated with Kubernetes, as it may resolve namespaces as authoritative for those domains.
Exploitation
An attacker with the ability to create namespaces or projects in a Kubernetes cluster can exploit this flaw. By creating a namespace that matches an external TLD (e.g., "com"), CoreDNS may incorrectly treat queries for domains under that TLD as local queries, redirecting them to a pod controlled by the attacker. No authentication beyond namespace creation privileges is required.
Impact
Successful exploitation allows the attacker to intercept and potentially modify DNS responses for external top-level domains. This can lead to traffic redirection, data exfiltration, or man-in-the-middle attacks, compromising the confidentiality and integrity of network communications.
Mitigation
As of the publication date (2023-03-03), users should update CoreDNS to a patched version if available. The CoreDNS project is maintained on GitHub [1], and the NVD entry [2] provides details. Administrators should also review namespace creation permissions and consider network policies to limit exposure.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
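The namespace review suggested under Mitigation can start with a name audit. The following is an added example, not code from CoreDNS or the advisory: it flags namespaces whose names equal a TLD. The TLD excerpt and namespace JSON are constructed samples (laid out like IANA's tlds-alpha-by-domain.txt and `kubectl get namespaces -o json` output), and `cluster.local` is assumed as the cluster domain.

```python
import json

# Constructed excerpt in the layout of IANA's tlds-alpha-by-domain.txt:
# a "#" header line, then one upper-case TLD per line.
SAMPLE_TLDS = "# constructed sample, not the real list\nCOM\nDEV\nIO\nNET\nORG\n"

# Constructed sample shaped like `kubectl get namespaces -o json` output.
SAMPLE_NAMESPACES = json.dumps({"items": [
    {"metadata": {"name": "default", "creationTimestamp": "2022-01-10T08:00:00Z"}},
    {"metadata": {"name": "payments", "creationTimestamp": "2022-03-02T09:30:00Z"}},
    {"metadata": {"name": "com", "creationTimestamp": "2022-08-15T14:05:00Z",
                  "annotations": {"openshift.io/requester": "constructed-user"}}},
    {"metadata": {"name": "dev", "creationTimestamp": "2022-02-01T11:00:00Z"}},
]})


def load_tlds(text):
    """Parse the TLD list: skip blank and comment lines, lower-case the rest."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def find_tld_namespaces(ns_json, tlds, cluster_domain="cluster.local"):
    """Return one finding per namespace whose name equals a TLD."""
    findings = []
    for item in json.loads(ns_json).get("items", []):
        meta = item.get("metadata", {})
        name = meta.get("name", "")
        if name.lower() not in tlds:
            continue
        findings.append({
            "namespace": name,
            "created": meta.get("creationTimestamp"),
            # Set on OpenShift projects; absent on plain Kubernetes namespaces.
            "requester": (meta.get("annotations") or {}).get("openshift.io/requester"),
            # Services in a namespace are named <service>.<namespace>.svc.<cluster domain>.
            "service_zone": f"{name}.svc.{cluster_domain}",
        })
    return findings


if __name__ == "__main__":
    for f in find_tld_namespaces(SAMPLE_NAMESPACES, load_tlds(SAMPLE_TLDS)):
        print(f"REVIEW namespace={f['namespace']} created={f['created']} "
              f"requester={f['requester']} zone={f['service_zone']}")
```

A hit such as `dev` may be a long-standing, legitimate namespace; the creation time and requester help separate those from recent, unexplained ones.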
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/coredns/coredns (Go) | <= 1.9.3 | — |
Affected products
Source: osv-coords (18 versions). No CPE is listed for any entry.
| Package | Affected range |
|---|---|
| pkg:apk/chainguard/coredns | < 0 |
| pkg:apk/chainguard/coredns-compat | < 0 |
| pkg:apk/chainguard/coredns-fips | < 0 |
| pkg:apk/chainguard/eks-distro-coredns-1.8 | < 0 |
| pkg:apk/chainguard/eks-distro-coredns-1.9 | < 0 |
| pkg:apk/chainguard/eks-distro-coredns-fips-1.10 | < 0 |
| pkg:apk/chainguard/juicefs-1.2 | < 1.2.4-r1 |
| pkg:apk/chainguard/juicefs-1.2-compat | < 1.2.4-r1 |
| pkg:apk/chainguard/juicefs-1.3 | < 1.3.0-r2 |
| pkg:apk/chainguard/juicefs-1.3-compat | < 1.3.0-r2 |
| pkg:apk/chainguard/kubernetes-dns-node-cache-1.17 | < 0 |
| pkg:apk/chainguard/kuma-coredns | < 0 |
| pkg:apk/wolfi/coredns | < 0 |
| pkg:apk/wolfi/coredns-compat | < 0 |
| pkg:apk/wolfi/juicefs-1.3 | < 1.3.0-r2 |
| pkg:apk/wolfi/juicefs-1.3-compat | < 1.3.0-r2 |
| pkg:apk/wolfi/kuma-coredns | < 0 |
| pkg:golang/github.com/coredns/coredns | <= 1.9.3 |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-h828-v5pv-33qx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-2837 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, WEB)