Published: 01/09/2022 Updated: 12/02/2023

CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8

VMScore: 0

Subscribe to Openshift Container Platform

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat openshift container platform 3.11
redhat openshift container platform 4.6
redhat openshift container platform 4.7
redhat openshift container platform 4.8
redhat openshift container platform 4.10
redhat openshift container platform 4.9

Synopsis Moderate: OpenShift Container Platform 4935 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4935 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...

Synopsis Moderate: OpenShift Container Platform 4658 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4658 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...

Synopsis Moderate: OpenShift Container Platform 4751 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4751 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...

Synopsis Moderate: OpenShift Container Platform 4841 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4841 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Cont ...

Synopsis Moderate: OpenShift Container Platform 311705 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 311705 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Pl ...

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluste ...

CWE-400 https://bugzilla.redhat.com/show_bug.cgi?id=2076211 https://access.redhat.com/security/cve/CVE-2022-1677 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2022:2283 https://access.redhat.com/security/cve/cve-2022-1677

CVE-2022-1677

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect