6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-2837

GHSA ID

GHSA-h828-v5pv-33qx

EPSS Score

0.33422%

CWE

CWE-601

Published

3/3/2023

Updated

3/14/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-2837

CVE-2022-2837: coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-2837

GHSA ID

GHSA-h828-v5pv-33qx

EPSS Score

0.33422%

CWE

CWE-601

Published

3/3/2023

Updated

3/14/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/coredns/coredns	go	<= 1.9.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in *or**NS. T*is *l*w *llows * m*li*ious us*r to r**ir**t tr***i* int*n*** *or *xt*rn*l top-l*v*l *om*ins (TL*) to * po* t**y *ontrol *y *r**tin* proj**ts *n* n*m*sp***s t**t m*t** t** TL*.

Reasoning

No *n*lysis *v*il**l*

6.1

Basic Information

Concerned about an active attack path?

CVE-2022-2837: coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI