Bug 2118542 (CVE-2022-2835) - CVE-2022-2835 coreDNS: DNS Redirection of Internal Services
Summary: CVE-2022-2835 coreDNS: DNS Redirection of Internal Services
Keywords:
Status: NEW
Alias: CVE-2022-2835
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2118595 2117086
TreeView+ depends on / blocked
 
Reported: 2022-08-16 06:01 UTC by Avinash Hanwate
Modified: 2022-08-22 11:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Avinash Hanwate 2022-08-16 06:01:33 UTC
It was found that a malicious user could reroute internal calls to some internal services that were being accessed by the FQDN in a
format of <service>.<namespace>.svc

References
- https://cwe.mitre.org/data/definitions/923.html
- https://docs.openshift.com/container-platform/4.10/architecture/admission-plug-ins.html#admission-plug-ins-default_admission-plug-ins


Note You need to log in before you can comment on or make changes to this bug.