Lucene search
GitHub Advisory DatabaseGHSA-CH7V-37XG-75PHHistoryMar 03, 2023 - 6:30 p.m.
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
2023-03-0318:30:27
CWE-923
GitHub Advisory Database
github.com
10
coredns
vulnerability
communication
restriction
internal services
CVSS3
4.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
0
Percentile
9.0%
A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.
Affected configurations
Node
coredns.iocorednsRange≤1.9.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| coredns.io | coredns | * | cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:* |
Related
osv
osv
CGA-g585-m29f-fqp4
2024-06-06 12:25:56
CGA-p57j-72gg-7qfm
2024-06-06 12:28:38
CGA-35r2-m46w-fxjw
2024-06-06 12:21:27
prion
prion
Format string
2023-03-03 16:15:00
redhatcve
redhatcve
CVE-2022-2835
2022-08-16 09:08:21
cve
cve
CVE-2022-2835
2023-03-03 16:15:09
nvd
nvd
CVE-2022-2835
2023-03-03 16:15:09
cvelist
cvelist
CVE-2022-2835
2023-03-03 00:00:00
cgr
cgr
CVE-2022-2835 vulnerabilities
2024-05-19 03:07:16
CVSS3
4.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS
0
Percentile
9.0%
Related for GHSA-CH7V-37XG-75PH