GHSA-ch7v-37xg-75ph

Опубликовано: 03 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 4.4

Описание

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.

Ссылки

Пакеты

Наименование

github.com/coredns/coredns

Затронутые версииВерсия исправления

<= 1.9.3

Отсутствует

EPSS

Процентиль: 10%

0.00036

Низкий

4.4 Medium

CVSS3

CVE ID

CVE-2022-2835

Дефекты

CWE-923

Связанные уязвимости

CVE-2022-2835

CVSS3: 4.4

redhat

больше 3 лет назад

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.

CVE-2022-2835

CVSS3: 4.4

nvd

почти 3 года назад

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.

CVE-2022-2835

CVSS3: 4.4

debian

почти 3 года назад

A flaw was found in coreDNS. This flaw allows a malicious user to rero ...

EPSS

Процентиль: 10%

0.00036

Низкий

4.4 Medium

CVSS3

CVE ID

CVE-2022-2835

Дефекты

CWE-923