OpenShift doesn't properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record if the route is to be exposed externally. The CNAME record should point the custom domain to the OpenShift router as the alias. If the CNAME is not removed when the route is no longer in use, the result is a dangling route, which a malicious actor may take over.
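An audit for the dangling condition described above, as an added example that is not part of the original record or of OpenShift itself: it compares CNAME records that alias the router against the hosts of routes that still exist. The router domain, the DNS export format and all sample data are constructed assumptions; the route JSON follows the shape of `oc get routes -A -o json`.

```python
"""Flag dangling CNAMEs: DNS aliases to the router with no matching route."""
import json

# Constructed sample, trimmed to the fields used (shape of `oc get routes -A -o json`).
ROUTES_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"host": "shop.example.com"}},
    {"metadata": {"namespace": "blog", "name": "www"},
     "spec": {"host": "Blog.Example.com"}},
]})

# Constructed sample: (name, target) CNAME pairs exported from the DNS provider.
CNAME_RECORDS = [
    ("shop.example.com.", "router-default.apps.cluster.example.net."),
    ("blog.example.com.", "router-default.apps.cluster.example.net."),
    ("promo.example.com.", "router-default.apps.cluster.example.net."),
    ("docs.example.com.", "pages.othercdn.example.org."),
]

ROUTER_SUFFIX = "apps.cluster.example.net"  # assumed router wildcard domain


def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def active_hosts(routes_json):
    """Hosts currently claimed by a route object in the cluster."""
    items = json.loads(routes_json).get("items", [])
    return {norm(r["spec"]["host"]) for r in items if r.get("spec", {}).get("host")}


def points_at_router(target, router_suffix):
    """True only for the router domain itself or a label-aligned subdomain."""
    t, s = norm(target), norm(router_suffix)
    return t == s or t.endswith("." + s)


def dangling_cnames(records, routes_json, router_suffix):
    """CNAMEs that alias the router but have no route claiming the host."""
    hosts = active_hosts(routes_json)
    return sorted(
        norm(name) for name, target in records
        if points_at_router(target, router_suffix) and norm(name) not in hosts
    )


if __name__ == "__main__":
    for name in dangling_cnames(CNAME_RECORDS, ROUTES_JSON, ROUTER_SUFFIX):
        print("dangling CNAME, remove the record or restore the route:", name)
```

Each name reported is a record to delete at the DNS provider, or a route to recreate under the owning project.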
CVSS
No CVSS.
References
No reference.
Configurations
No configuration.
History
06 Sep 2022, 22:10
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2022-08-31 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-2220
Mitre link : CVE-2022-2220
CVE.ORG link : CVE-2022-2220
Products Affected
No product.
CWE
No CWE.