Vulnerabilities > CVE-2022-3262 - Insecure Default Initialization of Resource vulnerability in Redhat Openshift 4.9

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

redhat

CWE-1188

NVD

Published: 2022-12-08

Updated: 2022-12-12

Summary

A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Openshift 4.9	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://bugzilla.redhat.com/show_bug.cgi?id=2128858