CVE-2022-28224 (GCVE-0-2022-28224)

Vulnerability from cvelistv5 – Published: 2022-06-06 17:19 – Updated: 2024-09-16 20:31
VLAI?
Title
Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature
Summary
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
CWE
  • CWE-200 - Information Exposure
  • CWE-201 - Information Exposure Through Sent Data
Assigner
References
Impacted products
Vendor Product Version
Tigera Calico Enterprise Affected: unspecified , ≤ v3.12.0 (custom)
Create a notification for this product.
    Project Calico Calico Affected: unspecified , ≤ v3.22.1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Calico Enterprise",
          "vendor": "Tigera",
          "versions": [
            {
              "lessThanOrEqual": "v3.12.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Calico",
          "vendor": "Project Calico",
          "versions": [
            {
              "lessThanOrEqual": "v3.22.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "CWE-201 Information Exposure Through Sent Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T17:19:12",
        "orgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
        "shortName": "Tigera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
        }
      ],
      "title": "Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@tigera.io",
          "DATE_PUBLIC": "2022-06-01T21:01:00.000Z",
          "ID": "CVE-2022-28224",
          "STATE": "PUBLIC",
          "TITLE": "Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Calico Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "v3.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Tigera"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Calico",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "v3.22.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Project Calico"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-201 Information Exposure Through Sent Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tigera.io/security-bulletins-tta-2022-001/",
              "refsource": "MISC",
              "url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
    "assignerShortName": "Tigera",
    "cveId": "CVE-2022-28224",
    "datePublished": "2022-06-06T17:19:12.810566Z",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-09-16T20:31:41.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.11.4\", \"matchCriteriaId\": \"4E4832D7-F220-4771-8B01-54327CB11938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tigera:calico_enterprise:3.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6F8BCF7-776F-4B3B-AE3D-3004DA243527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:tigera:calico_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.20.5\", \"matchCriteriaId\": \"7A57465D-F482-4BF7-9250-B36F91743FD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:tigera:calico_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.21.0\", \"versionEndExcluding\": \"3.21.5\", \"matchCriteriaId\": \"620C1B05-AAF2-4033-9EA9-79ECF60715DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:tigera:calico_os:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.22.0\", \"versionEndExcluding\": \"3.22.2\", \"matchCriteriaId\": \"865171A1-8726-446C-8545-609E9D154A42\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.\"}, {\"lang\": \"es\", \"value\": \"Los cl\\u00fasteres usando Calico (versiones 3.22.1 y anteriores), Calico Enterprise (versiones 3.12.0 y anteriores), pueden ser vulnerables al secuestro de rutas con la funci\\u00f3n de IP flotante. Debido a una comprobaci\\u00f3n insuficiente, un atacante privilegiado puede ser capaz de establecer una anotaci\\u00f3n de IP flotante a un pod incluso si la caracter\\u00edstica no est\\u00e1 habilitada. Esto puede permitir al atacante interceptar y redirigir el tr\\u00e1fico a su pod comprometido\"}]",
      "id": "CVE-2022-28224",
      "lastModified": "2024-11-21T06:56:59.077",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@tigera.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:P\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-06T18:15:09.360",
      "references": "[{\"url\": \"https://www.tigera.io/security-bulletins-tta-2022-001/\", \"source\": \"psirt@tigera.io\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tigera.io/security-bulletins-tta-2022-001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@tigera.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@tigera.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-201\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28224\",\"sourceIdentifier\":\"psirt@tigera.io\",\"published\":\"2022-06-06T18:15:09.360\",\"lastModified\":\"2025-09-30T18:45:43.153\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.\"},{\"lang\":\"es\",\"value\":\"Los cl\u00fasteres usando Calico (versiones 3.22.1 y anteriores), Calico Enterprise (versiones 3.12.0 y anteriores), pueden ser vulnerables al secuestro de rutas con la funci\u00f3n de IP flotante. Debido a una comprobaci\u00f3n insuficiente, un atacante privilegiado puede ser capaz de establecer una anotaci\u00f3n de IP flotante a un pod incluso si la caracter\u00edstica no est\u00e1 habilitada. Esto puede permitir al atacante interceptar y redirigir el tr\u00e1fico a su pod comprometido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@tigera.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@tigera.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-201\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*\",\"versionEndExcluding\":\"3.20.5\",\"matchCriteriaId\":\"162FAB6F-BD82-4E43-B77C-8951E2DAA134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*\",\"versionStartIncluding\":\"3.21.0\",\"versionEndExcluding\":\"3.21.5\",\"matchCriteriaId\":\"AAD77006-92F6-4BEA-95F3-799B4A2D30D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*\",\"versionStartIncluding\":\"3.22.0\",\"versionEndExcluding\":\"3.22.2\",\"matchCriteriaId\":\"84190BD4-C9DF-4DFA-A74C-2F32DCF58316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.11.4\",\"matchCriteriaId\":\"4E4832D7-F220-4771-8B01-54327CB11938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico_enterprise:3.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F8BCF7-776F-4B3B-AE3D-3004DA243527\"}]}]}],\"references\":[{\"url\":\"https://www.tigera.io/security-bulletins-tta-2022-001/\",\"source\":\"psirt@tigera.io\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tigera.io/security-bulletins-tta-2022-001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.