CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1677

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.2%

CVSS Severity

CVSS v3 Score 6.3

References

Products affected by CVE-2022-1677

Redhat » Openshift Container Platform » Version: 3.11

cpe:2.3:a:redhat:openshift_container_platform:3.11
Redhat » Openshift Container Platform » Version: 4.10

cpe:2.3:a:redhat:openshift_container_platform:4.10
Redhat » Openshift Container Platform » Version: 4.6

cpe:2.3:a:redhat:openshift_container_platform:4.6
Redhat » Openshift Container Platform » Version: 4.7

cpe:2.3:a:redhat:openshift_container_platform:4.7
Redhat » Openshift Container Platform » Version: 4.8

cpe:2.3:a:redhat:openshift_container_platform:4.8
Redhat » Openshift Container Platform » Version: 4.9

cpe:2.3:a:redhat:openshift_container_platform:4.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-1677

Products

Pricing

Contact Us