CVE-2022-2835

Опубликовано: 16 авг. 2022

Источник: redhat

CVSS3: 4.4

Описание

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.

Меры по смягчению последствий

Consider adding the svc namespace to the DNS operator to prevent a low-privileged user from creating it. Alternatively, add a default admission controller to prevent this namespace from being created by a non-privileged user.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 4	openshift4/ose-coredns-rhel9	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-923

https://bugzilla.redhat.com/show_bug.cgi?id=2118542coreDNS: DNS Redirection of Internal Services

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2022-2835

CVSS3: 4.4

nvd

почти 3 года назад

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.

CVE-2022-2835

CVSS3: 4.4

debian

почти 3 года назад

A flaw was found in coreDNS. This flaw allows a malicious user to rero ...

GHSA-ch7v-37xg-75ph

CVSS3: 4.4

github

почти 3 года назад

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

4.4 Medium

CVSS3