Home > Vulnerability Database > CVE-2022-1677

Mend.io Vulnerability Database

CVE-2022-1677

Date: September 1, 2022

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Language: Go

Severity Score

6.3

Related Resources (11)

Url: https://access.redhat.com/errata/RHSA-2022:2272

Url: https://access.redhat.com/errata/RHSA-2022:2283

Url: https://access.redhat.com/errata/RHSA-2022:2281

Url: https://access.redhat.com/security/cve/CVE-2022-1677

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1677

Url: https://github.com/openshift/router/commit/30dd5b765fc302208bf86a880223513b8f86e65e

Url: https://access.redhat.com/errata/RHSA-2022:2268

Url: https://access.redhat.com/errata/RHBA-2022:1690

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2076211

Url: https://access.redhat.com/errata/RHSA-2022:2264

Url: https://www.mend.io/vulnerability-database/CVE-2022-1677

Severity Score

6.3

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1677

Date: September 1, 2022

Language: Go

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?