CVE-2022-3262

A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2128858	Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2128858	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*

History

21 Nov 2024, 07:19

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2128858 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2128858 - Issue Tracking, Vendor Advisory
Summary		(es) Se encontró un fallo en Openshift. Un pod con una política DNS de "ClusterFirst" puede resolver incorrectamente el nombre de host según un servicio proporcionado. Esta falla permite que un atacante proporcione un nombre incorrecto con la política de búsqueda de DNS, lo que afecta la confidencialidad y la disponibilidad.

Information

Published : 2022-12-08 16:15

Updated : 2025-04-23 16:15

NVD link : CVE-2022-3262

Mitre link : CVE-2022-3262

CVE.ORG link : CVE-2022-3262

JSON object : View

Products Affected

redhat

openshift

CWE

CWE-453

Insecure Default Variable Initialization

CWE-1188

Initialization of a Resource with an Insecure Default

{"id": "CVE-2022-3262", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2022-12-08T16:15:13.293", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128858", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128858", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-453"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1188"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Openshift. A pod with a DNSPolicy of \"ClusterFirst\" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Openshift. Un pod con una pol\u00edtica DNS de \"ClusterFirst\" puede resolver incorrectamente el nombre de host seg\u00fan un servicio proporcionado. Esta falla permite que un atacante proporcione un nombre incorrecto con la pol\u00edtica de b\u00fasqueda de DNS, lo que afecta la confidencialidad y la disponibilidad."}], "lastModified": "2025-04-23T16:15:24.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0189F456-4CE5-4E94-83F9-9EC636C72F18"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}