CVE-2022-28224

Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature

CVSS 5.5 (Medium) | EPSS 0.6% | CWE-200, CWE-201
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track (no exploitation signal, monitor)
KEV: no
Lifecycle: 06 Jun 2022, published on NVD
Recommendation: Monitor, no exploitation signal at the moment.
Clusters using Calico (version 3.22.1 and below) or Calico Enterprise (version 3.12.0 and below) may be vulnerable to route hijacking via the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation on a pod even when the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
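As an added detection example (not part of this advisory record), the script below checks two things a defender would want after reading the description: whether the running Calico or Calico Enterprise version falls inside the affected ranges stated above, and whether any pod already carries a floating IP annotation even though the feature is not meant to be in use. The annotation key `cni.projectcalico.org/floatingIPs` is taken from Calico's own documentation and is an assumption here, not something this page states; the pod list is a constructed sample in the shape of `kubectl get pods -A -o json` output.

```python
"""Audit helpers for CVE-2022-28224: affected-version check and pod annotation scan."""
import json
import re

# Calico's floating IP annotation key (assumed from Calico docs; verify for your release).
FLOATING_IP_ANNOTATION = "cni.projectcalico.org/floatingIPs"

# Affected ranges as stated in the advisory: "3.22.1 and below" / "3.12.0 and below".
MAX_AFFECTED = {
    "calico": (3, 22, 1),
    "calico-enterprise": (3, 12, 0),
}

# Constructed sample resembling `kubectl get pods -A -o json`; web-0 carries the annotation.
SAMPLE_POD_LIST = json.dumps({
    "items": [
        {"metadata": {"name": "web-0", "namespace": "prod",
                      "annotations": {FLOATING_IP_ANNOTATION: '["10.0.0.5"]'}}},
        {"metadata": {"name": "db-0", "namespace": "prod",
                      "annotations": {"kubectl.kubernetes.io/restartedAt": "2022-06-06"}}},
        {"metadata": {"name": "cache-0", "namespace": "dev"}},
    ]
})


def parse_version(version: str) -> tuple:
    """Turn 'v3.22.1' or '3.22' into a comparable tuple of ints (missing parts are 0)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def is_affected(product: str, version: str) -> bool:
    """True when the product version is inside the advisory's affected range."""
    return parse_version(version) <= MAX_AFFECTED[product]


def find_floating_ip_pods(pod_list_json: str) -> list:
    """Return 'namespace/name' for every pod carrying the floating IP annotation."""
    flagged = []
    for item in json.loads(pod_list_json).get("items", []):
        meta = item.get("metadata", {})
        if FLOATING_IP_ANNOTATION in (meta.get("annotations") or {}):
            flagged.append(f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}")
    return flagged


if __name__ == "__main__":
    # If the feature is disabled cluster-wide, any hit here deserves investigation.
    print("affected calico v3.22.1:", is_affected("calico", "v3.22.1"))
    print("pods with floating IP annotation:", find_floating_ip_pods(SAMPLE_POD_LIST))
```

In a real cluster, feed `find_floating_ip_pods` the output of `kubectl get pods -A -o json`; a non-empty result on a cluster where floating IPs are intentionally disabled is the signal to audit who set the annotation, since only a principal with pod-write permissions (the "privileged attacker" in the description) can do so.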
