exploitDog
CVE-2025-7777

Published: 21 Jul 2025
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

The mirror-registry does not properly validate the HTTP Host header of received requests. An attacker who supplies a crafted Host header can cause the registry to emit redirects to attacker-controlled domains, which can be used in phishing campaigns.

Statement

The Red Hat Product Security Team has rated this vulnerability as having Moderate severity. Although Host header injection can have serious consequences, such as web cache poisoning or reaching other vhosts that should not be exposed, the mirror-registry runs as a single vhost in a single pod and does not cache requests, so it is not exposed to web cache poisoning. The usual password reset manipulation or phishing strategy that accompanies Host header injection is also not possible here, because such requests are handled by RHSSO rather than by the mirror-registry itself.
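The flaw described above (a redirect built from an unvalidated Host header) and the hardening a practitioner would expect, side by side. This is an added example, not code from mirror-registry or Red Hat; the hostnames, the allowlist, the canonical host and the request paths are assumptions chosen for illustration, and the probe check at the end is the test one would run against any redirecting endpoint to confirm whether the Host header is reflected into Location.

```python
"""Host header injection in an HTTP redirect: vulnerable pattern vs. hardened pattern.

Added example for illustration only; not the mirror-registry implementation.
All hostnames below are constructed/assumed.
"""
from urllib.parse import urlsplit

# Assumed deployment configuration. A real service would take these from its
# own config (the hostname it is published under) rather than from the request.
ALLOWED_HOSTS = {"mirror.example.com", "mirror.example.com:8443"}
ALLOWED_HOSTNAMES = {"mirror.example.com"}
CANONICAL_HOST = "mirror.example.com:8443"


def vulnerable_redirect(headers: dict, path: str) -> str:
    """The flawed pattern: build an absolute Location from the request's Host header.

    Whatever the client put in Host ends up in the redirect target, so
    'Host: attacker.example' yields a redirect off-site.
    """
    host = headers.get("Host", CANONICAL_HOST)
    return f"https://{host}{path}"


def hardened_redirect(headers: dict, path: str,
                      allowed_hosts: set = ALLOWED_HOSTS,
                      canonical_host: str = CANONICAL_HOST) -> str:
    """Hardened pattern: only a Host value on the configured allowlist is used;
    anything else (including userinfo tricks like 'good.host@attacker.example')
    falls back to the canonical host. Forwarded headers such as X-Forwarded-Host
    are deliberately ignored here; trust them only from a known proxy.
    """
    host = headers.get("Host", "").strip().lower()
    if host not in allowed_hosts:
        host = canonical_host
    # A protocol-relative path ('//attacker.example/x') would also redirect
    # off-site, so refuse anything that is not a single-slash absolute path.
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    return f"https://{host}{path}"


def redirect_leaves_site(location: str,
                         allowed_hostnames: set = ALLOWED_HOSTNAMES) -> bool:
    """Probe check: does a Location header point at a host outside the allowlist?

    Uses the parsed hostname (port and userinfo stripped), so
    'https://mirror.example.com@attacker.example/' is correctly flagged.
    Relative Locations cannot leave the site and return False.
    """
    parts = urlsplit(location)
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "").lower() not in allowed_hostnames


if __name__ == "__main__":
    # Constructed request headers, as an attacker would send them.
    attacker_headers = {"Host": "attacker.example"}
    loc = vulnerable_redirect(attacker_headers, "/api/v1/user/")
    print("vulnerable:", loc, "-> leaves site:", redirect_leaves_site(loc))
    loc = hardened_redirect(attacker_headers, "/api/v1/user/")
    print("hardened:  ", loc, "-> leaves site:", redirect_leaves_site(loc))
```

To probe a live endpoint instead of the simulated handler, send the same spoofed header with `curl -sI -H 'Host: attacker.example'` against a URL that is known to redirect and feed the returned Location value to `redirect_leaves_site`; a True result means the Host header is reflected.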

Mitigation

There's currently no available mitigation for this issue.

Affected packages

Platform | Package | State | Recommendation | Release
mirror registry for Red Hat OpenShift | mirror-registry-container | Fix deferred | |


Additional information

Red Hat severity: Moderate

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2382545
mirror-registry: host header injection in mirror-registry

EPSS: 0.00035 (percentile 9%), Low

CVSS3: 6.5 Medium

Related vulnerabilities

nvd, 26 days ago, CVSS3: 6.5 (same description as above)

github, 26 days ago, CVSS3: 6.5 (same description as above)
