Search criteria
4 vulnerabilities
CVE-2024-33522 (GCVE-0-2024-33522)
Vulnerability from cvelistv5 – Published: 2024-04-29 22:19 – Updated: 2024-08-02 02:36
VLAI?
Summary
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.
Severity ?
6.7 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Tigera | Calico |
Affected:
0 , < v3.26.5
(semver)
Affected: v3.27.0 , < v3.27.3 (semver) Unaffected: v3.28.0 |
||||||||||||
|
||||||||||||||
Credits
Christopher Alonso (Github: @latortuga71)
Anthony Tam
Behnam Shobiri
Pedro Coutinho
Matt Dupre
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tigera:calico:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "calico",
"vendor": "tigera",
"versions": [
{
"lessThan": "v3.26.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "v3.27.3",
"status": "affected",
"version": "v3.27.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v3.28.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "calico_enterprise",
"vendor": "tigera",
"versions": [
{
"lessThan": "v3.17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "v3.18.2",
"status": "affected",
"version": "v3.18.0",
"versionType": "semver"
},
{
"lessThan": "v3.19.0-2.0",
"status": "affected",
"version": "v3.19.0-1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:tigera:calico_cloud:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "calico_cloud",
"vendor": "tigera",
"versions": [
{
"lessThan": "v19.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T16:51:23.967533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:09:59.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/projectcalico/calico/issues/7981"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/projectcalico/calico/pull/8447"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/projectcalico/calico/pull/8517"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tigera.io/security-bulletins-tta-2024-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "cni-plugin",
"product": "Calico",
"repo": "https://www.tigera.io/tigera-products/calico/",
"vendor": "Tigera",
"versions": [
{
"lessThan": "v3.26.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "v3.27.3",
"status": "affected",
"version": "v3.27.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v3.28.0"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "cni-plugin",
"product": "Calico Enterprise ",
"vendor": "Tigera",
"versions": [
{
"lessThan": "v3.17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "v3.18.2",
"status": "affected",
"version": "v3.18.0",
"versionType": "semver"
},
{
"lessThan": "v3.19.0-2.0",
"status": "affected",
"version": "v3.19.0-1.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "cni-plugin",
"product": "Calico Cloud",
"vendor": "Tigera",
"versions": [
{
"lessThan": "v19.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christopher Alonso (Github: @latortuga71)"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Anthony Tam"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "Behnam Shobiri"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Pedro Coutinho"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Matt Dupre"
}
],
"datePublic": "2024-04-29T19:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn vulnerable \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eversions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T22:19:06.908Z",
"orgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"shortName": "Tigera"
},
"references": [
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/projectcalico/calico/issues/7981"
},
{
"tags": [
"patch"
],
"url": "https://github.com/projectcalico/calico/pull/8447"
},
{
"tags": [
"patch"
],
"url": "https://github.com/projectcalico/calico/pull/8517"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tigera.io/security-bulletins-tta-2024-001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation in Calico CNI install binary",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"assignerShortName": "Tigera",
"cveId": "CVE-2024-33522",
"datePublished": "2024-04-29T22:19:06.908Z",
"dateReserved": "2024-04-23T16:32:33.170Z",
"dateUpdated": "2024-08-02T02:36:04.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41378 (GCVE-0-2023-41378)
Vulnerability from cvelistv5 – Published: 2023-11-06 15:00 – Updated: 2024-09-05 13:40
VLAI?
Summary
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Rodrigo Fior Kuntzer (Github: rodrigorfk)
Anthony Tam
Behnam Shobiri
Shaun Crampton
Matt Dupre
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:35.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"release-notes",
"x_transferred"
],
"url": "https://www.tigera.io/security-bulletins-tta-2023-001/"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/projectcalico/calico/pull/7908"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/projectcalico/calico/pull/7993"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:calico:typha:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "typha",
"vendor": "calico",
"versions": [
{
"lessThanOrEqual": "v3.26.2",
"status": "affected",
"version": "v3.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v3.25.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:tigera:calico:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "calico",
"vendor": "tigera",
"versions": [
{
"lessThanOrEqual": "v3.17.1",
"status": "affected",
"version": "v3.17.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v3.16.3",
"status": "affected",
"version": "v3.16.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v3.15.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:31:52.190285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T13:40:37.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Typha",
"vendor": "Calico",
"versions": [
{
"lessThanOrEqual": "v3.26.2",
"status": "affected",
"version": "v3.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v3.25.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Typha",
"vendor": "Tigera",
"versions": [
{
"lessThanOrEqual": "v3.17.1",
"status": "affected",
"version": "v3.17.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v3.16.3",
"status": "affected",
"version": "v3.16.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v3.15.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rodrigo Fior Kuntzer (Github: rodrigorfk)"
},
{
"lang": "en",
"type": "remediation verifier",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Anthony Tam"
},
{
"lang": "en",
"type": "remediation reviewer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Behnam Shobiri"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shaun Crampton"
},
{
"lang": "en",
"type": "remediation reviewer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matt Dupre"
}
],
"datePublic": "2023-11-06T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T15:00:53.249Z",
"orgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"shortName": "Tigera"
},
"references": [
{
"tags": [
"vendor-advisory",
"release-notes"
],
"url": "https://www.tigera.io/security-bulletins-tta-2023-001/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/projectcalico/calico/pull/7908"
},
{
"tags": [
"patch"
],
"url": "https://github.com/projectcalico/calico/pull/7993"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Calico Typha hangs during unclean TLS handshake",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"assignerShortName": "Tigera",
"cveId": "CVE-2023-41378",
"datePublished": "2023-11-06T15:00:53.249Z",
"dateReserved": "2023-08-29T17:03:16.306Z",
"dateUpdated": "2024-09-05T13:40:37.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28224 (GCVE-0-2022-28224)
Vulnerability from cvelistv5 – Published: 2022-06-06 17:19 – Updated: 2024-09-16 20:31
VLAI?
Summary
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
Severity ?
5.5 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tigera | Calico Enterprise |
Affected:
unspecified , ≤ v3.12.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calico Enterprise",
"vendor": "Tigera",
"versions": [
{
"lessThanOrEqual": "v3.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Calico",
"vendor": "Project Calico",
"versions": [
{
"lessThanOrEqual": "v3.22.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Information Exposure Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T17:19:12",
"orgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"shortName": "Tigera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
}
],
"title": "Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@tigera.io",
"DATE_PUBLIC": "2022-06-01T21:01:00.000Z",
"ID": "CVE-2022-28224",
"STATE": "PUBLIC",
"TITLE": "Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calico Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.12.0"
}
]
}
}
]
},
"vendor_name": "Tigera"
},
{
"product": {
"product_data": [
{
"product_name": "Calico",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v3.22.1"
}
]
}
}
]
},
"vendor_name": "Project Calico"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-201 Information Exposure Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tigera.io/security-bulletins-tta-2022-001/",
"refsource": "MISC",
"url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"assignerShortName": "Tigera",
"cveId": "CVE-2022-28224",
"datePublished": "2022-06-06T17:19:12.810566Z",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-09-16T20:31:41.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13597 (GCVE-0-2020-13597)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:44 – Updated: 2024-09-16 19:24
VLAI?
Summary
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.
Severity ?
6 (Medium)
CWE
- CWE-201 - Information Exposure Through Sent Data
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tigera Inc | Calico |
Affected:
3.14.0
Affected: unspecified , ≤ 3.13.3 (custom) Affected: unspecified , ≤ 3.12.1 (custom) Affected: unspecified , ≤ 3.11.2 (custom) Affected: unspecified , ≤ 3.10.3 (custom) Affected: unspecified , ≤ 3.9.5 (custom) Affected: unspecified , ≤ 3.8.8 (custom) Affected: 3.7.x Affected: 3.6.x Affected: 3.5.x Affected: 3.4.x Affected: 3.3.x Affected: 3.2.x Affected: 3.1.x Affected: 3.0.x Affected: 2.6.x Affected: 2.5.x Affected: 2.4.x Affected: 2.3.x Affected: 2.2.x Affected: 2.1.x Affected: 2.0.x Affected: 1.6.x Affected: 1.5.x |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.projectcalico.org/security-bulletins/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calico",
"vendor": "Tigera Inc",
"versions": [
{
"status": "affected",
"version": "3.14.0"
},
{
"lessThanOrEqual": "3.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.10.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.9.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.8.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.7.x"
},
{
"status": "affected",
"version": "3.6.x"
},
{
"status": "affected",
"version": "3.5.x"
},
{
"status": "affected",
"version": "3.4.x"
},
{
"status": "affected",
"version": "3.3.x"
},
{
"status": "affected",
"version": "3.2.x"
},
{
"status": "affected",
"version": "3.1.x"
},
{
"status": "affected",
"version": "3.0.x"
},
{
"status": "affected",
"version": "2.6.x"
},
{
"status": "affected",
"version": "2.5.x"
},
{
"status": "affected",
"version": "2.4.x"
},
{
"status": "affected",
"version": "2.3.x"
},
{
"status": "affected",
"version": "2.2.x"
},
{
"status": "affected",
"version": "2.1.x"
},
{
"status": "affected",
"version": "2.0.x"
},
{
"status": "affected",
"version": "1.6.x"
},
{
"status": "affected",
"version": "1.5.x"
}
]
},
{
"product": "Calico Enterprise",
"vendor": "Tigera Inc",
"versions": [
{
"lessThanOrEqual": "2.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.7.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "2.5.x"
},
{
"status": "affected",
"version": "2.4.x"
},
{
"status": "affected",
"version": "2.3.x"
},
{
"status": "affected",
"version": "2.2.x"
},
{
"status": "affected",
"version": "2.1.x"
},
{
"status": "affected",
"version": "2.0.x"
}
]
}
],
"datePublic": "2020-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node\u2019s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Information Exposure Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T16:44:38",
"orgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"shortName": "Tigera"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.projectcalico.org/security-bulletins/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91507"
}
],
"source": {
"advisory": "TTA-2020-001",
"discovery": "EXTERNAL"
},
"title": "Calico nodes IPv6 traffic redirection from route advertisment",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@tigera.io",
"DATE_PUBLIC": "2020-06-01T16:27:00.000Z",
"ID": "CVE-2020-13597",
"STATE": "PUBLIC",
"TITLE": "Calico nodes IPv6 traffic redirection from route advertisment"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calico",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.14.0"
},
{
"version_affected": "\u003c=",
"version_value": "3.13.3"
},
{
"version_affected": "\u003c=",
"version_value": "3.12.1"
},
{
"version_affected": "\u003c=",
"version_value": "3.11.2"
},
{
"version_affected": "\u003c=",
"version_value": "3.10.3"
},
{
"version_affected": "\u003c=",
"version_value": "3.9.5"
},
{
"version_affected": "\u003c=",
"version_value": "3.8.8"
},
{
"version_affected": "=",
"version_value": "3.7.x"
},
{
"version_affected": "=",
"version_value": "3.6.x"
},
{
"version_affected": "=",
"version_value": "3.5.x"
},
{
"version_affected": "=",
"version_value": "3.4.x"
},
{
"version_affected": "=",
"version_value": "3.3.x"
},
{
"version_affected": "=",
"version_value": "3.2.x"
},
{
"version_affected": "=",
"version_value": "3.1.x"
},
{
"version_affected": "=",
"version_value": "3.0.x"
},
{
"version_affected": "=",
"version_value": "2.6.x"
},
{
"version_affected": "=",
"version_value": "2.5.x"
},
{
"version_affected": "=",
"version_value": "2.4.x"
},
{
"version_affected": "=",
"version_value": "2.3.x"
},
{
"version_affected": "=",
"version_value": "2.2.x"
},
{
"version_affected": "=",
"version_value": "2.1.x"
},
{
"version_affected": "=",
"version_value": "2.0.x"
},
{
"version_affected": "=",
"version_value": "1.6.x"
},
{
"version_affected": "=",
"version_value": "1.5.x"
}
]
}
}
]
},
"vendor_name": "Tigera Inc"
},
{
"product": {
"product_data": [
{
"product_name": "Calico Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.8.2"
},
{
"version_affected": "\u003c=",
"version_value": "2.7.4"
},
{
"version_affected": "\u003c=",
"version_value": "2.6.2"
},
{
"version_affected": "=",
"version_value": "2.5.x"
},
{
"version_affected": "=",
"version_value": "2.4.x"
},
{
"version_affected": "=",
"version_value": "2.3.x"
},
{
"version_affected": "=",
"version_value": "2.2.x"
},
{
"version_affected": "=",
"version_value": "2.1.x"
},
{
"version_affected": "=",
"version_value": "2.0.x"
}
]
}
}
]
},
"vendor_name": "Tigera Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node\u2019s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201 Information Exposure Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.projectcalico.org/security-bulletins/",
"refsource": "CONFIRM",
"url": "https://www.projectcalico.org/security-bulletins/"
},
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/91507",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/91507"
}
]
},
"source": {
"advisory": "TTA-2020-001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
"assignerShortName": "Tigera",
"cveId": "CVE-2020-13597",
"datePublished": "2020-06-03T16:44:38.089338Z",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-09-16T19:24:54.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}