CVE-2022-2835

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in go/github.com/coredns/coredns

Identifiers

GHSA-ch7v-37xg-75ph, CVE-2022-2835

Package Slug

go/github.com/coredns/coredns

Vulnerability

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

Description

A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc.

Affected Versions

All versions up to 1.9.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-06

source