cvedb.io
CVE-2022-1677
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2022-09-01T21:15:09.007 · Last modified 2026-06-17T04:22:54.473

Summary

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.

Affected products

redhat — openshift_container_platform

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.