CVE-2022-2837

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in go/github.com/coredns/coredns

Identifiers

GHSA-h828-v5pv-33qx, CVE-2022-2837

Package Slug

go/github.com/coredns/coredns

Vulnerability

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

Description

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

Affected Versions

All versions up to 1.9.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-07

source