In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-09-01T19:51:43

Updated: 2024-08-03T00:10:03.820Z

Reserved: 2022-05-11T00:00:00

Link: CVE-2022-1677

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-01T21:15:09.007

Modified: 2024-11-21T06:41:14.017

Link: CVE-2022-1677

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-05-13T00:00:00Z

Links: CVE-2022-1677 - Bugzilla