Description
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
Mitigation
- Add a default admission controller to prevent the creation of projects or namespaces that match any TLDs.
- Add a warning to the OpenShift documentation that informs users of the potential for abuse in the event any namespaces match a TLD. This warning already exists in the Kubernetes documentation.
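
One way the first mitigation could be implemented, as an added example (not Red Hat's or the CoreDNS project's code): a validating admission check that denies a Namespace whose name equals a TLD. The names `tlds`, `review` and `reviewNamespace` are hypothetical, and the TLD set is a small constructed sample standing in for the full IANA list.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample; a real deployment would load the full IANA TLD list.
var tlds = map[string]bool{"com": true, "net": true, "org": true, "io": true, "dev": true}

// Only the AdmissionReview (admission.k8s.io/v1) fields this check uses.
type review struct {
	APIVersion string    `json:"apiVersion"`
	Kind       string    `json:"kind"`
	Request    *request  `json:"request,omitempty"`
	Response   *response `json:"response,omitempty"`
}
type request struct {
	UID    string `json:"uid"`
	Object struct {
		Metadata struct{ Name string `json:"name"` } `json:"metadata"`
	} `json:"object"`
}
type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}

// reviewNamespace denies a Namespace CREATE whose name equals a TLD.
func reviewNamespace(body []byte) ([]byte, error) {
	var in review
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return nil, fmt.Errorf("not an AdmissionReview request: %v", err)
	}
	name := strings.ToLower(in.Request.Object.Metadata.Name)
	resp := &response{UID: in.Request.UID, Allowed: !tlds[name]}
	if !resp.Allowed {
		resp.Status = map[string]string{"message": fmt.Sprintf("namespace %q matches a top-level domain", name)}
	}
	return json.Marshal(review{APIVersion: in.APIVersion, Kind: in.Kind, Response: resp})
}

func main() {
	// Constructed request, trimmed to the fields the check reads.
	out, err := reviewNamespace([]byte(`{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"constructed-uid","object":{"metadata":{"name":"com"}}}}`))
	fmt.Println(string(out), err)
}
```

Existing namespaces are not covered by an admission check, so a one-off comparison of current namespace names against the same list is still needed.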
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift4/ose-coredns-rhel9 | Not affected | | |
Additional information
Status:
Moderate
Defect:
CWE-923->CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=2118543 coreDNS: DNS Redirection of Top-Level Domains
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.1
nvd
almost 3 years ago
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
CVSS3: 6.1
debian
almost 3 years ago
A flaw was found in coreDNS. This flaw allows a malicious user to redi ...
CVSS3: 6.1
github
almost 3 years ago
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints