Lucene search
GitHub Advisory DatabaseGHSA-H828-V5PV-33QXHistoryMar 03, 2023 - 6:30 p.m.
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
2023-03-0318:30:27
CWE-601
CWE-923
GitHub Advisory Database
github.com
9
coredns
vulnerability
communication channel
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.0%
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
Affected configurations
Node
coredns.iocorednsRange≤1.9.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| coredns.io | coredns | * | cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:* |
Related
osv
osv
CGA-q3h5-h64q-p5xg
2024-06-06 12:28:55
CGA-gprw-crxv-m54h
2024-06-06 12:25:59
cvelist
cvelist
CVE-2022-2837
2023-03-03 00:00:00
nvd
nvd
CVE-2022-2837
2023-03-03 16:15:09
cgr
cgr
CVE-2022-2837 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2022-2837
2022-08-16 09:08:12
prion
prion
Design/Logic Flaw
2023-03-03 16:15:00
cve
cve
CVE-2022-2837
2023-03-03 16:15:09
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.0%
Related for GHSA-H828-V5PV-33QX