CVE-2022-1677
MEDIUM
OpenShift Container Platform - Uncontrolled Resource Consumption via Malformed Route Payload
Title source: llm
Description
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.
References (2)
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2076211
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2022-1677
Scores
CVSS v3
6.3
EPSS
0.0023
EPSS Percentile
45.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-400
Status
published
Products (6)
redhat/openshift_container_platform 3.11
redhat/openshift_container_platform 4.6
redhat/openshift_container_platform 4.7
redhat/openshift_container_platform 4.8
redhat/openshift_container_platform 4.9
redhat/openshift_container_platform 4.10
Published
Sep 01, 2022
Tracked Since
Feb 18, 2026