Bug 2118543 (CVE-2022-2837) - CVE-2022-2837 coreDNS: DNS Redirection of Top-Level Domains
Summary: CVE-2022-2837 coreDNS: DNS Redirection of Top-Level Domains
Keywords:
Status: NEW
Alias: CVE-2022-2837
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2118598 2117086
TreeView+ depends on / blocked
 
Reported: 2022-08-16 06:08 UTC by Avinash Hanwate
Modified: 2022-08-22 11:36 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Avinash Hanwate 2022-08-16 06:08:39 UTC
It is possible for a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating
projects/namespaces that match the TLD.

References
- https://docs.openshift.com/container-platform/4.10/architecture/admission-plug-ins.html#admission-plug-ins-default_admission-plug-ins
- https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns
- https://cwe.mitre.org/data/definitions/923.html


Note You need to log in before you can comment on or make changes to this bug.