CVE-2022-2220 Information

Description

OpenShift doesn’t properly verify subdomain ownership which allows route takeover. Once a custom route is created the user must update the DNS provider by creating a canonical name (CNAME) record (if he likes to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. In a case that the CNAME is not removed when the route is not in use anymore we are dealing with a dangling route. A malicious actor may take over the route.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2101434