CVE-2022-28224 (GCVE-0-2022-28224)
Vulnerability from cvelistv5
Published
2022-06-06 17:19
Modified
2024-09-16 20:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
CWE
  • CWE-200 - Information Exposure
  • CWE-201 - Information Exposure Through Sent Data
Summary
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
References
psirt@tigera.iohttps://www.tigera.io/security-bulletins-tta-2022-001/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tigera.io/security-bulletins-tta-2022-001/Vendor Advisory
Impacted products
Vendor Product Version
Tigera Calico Enterprise Version: unspecified   <
Create a notification for this product.
   Project Calico Calico Version: unspecified   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Calico Enterprise",
          "vendor": "Tigera",
          "versions": [
            {
              "lessThanOrEqual": "v3.12.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Calico",
          "vendor": "Project Calico",
          "versions": [
            {
              "lessThanOrEqual": "v3.22.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-201",
              "description": "CWE-201 Information Exposure Through Sent Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T17:19:12",
        "orgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
        "shortName": "Tigera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
        }
      ],
      "title": "Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@tigera.io",
          "DATE_PUBLIC": "2022-06-01T21:01:00.000Z",
          "ID": "CVE-2022-28224",
          "STATE": "PUBLIC",
          "TITLE": "Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Calico Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "v3.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Tigera"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Calico",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "v3.22.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Project Calico"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-201 Information Exposure Through Sent Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tigera.io/security-bulletins-tta-2022-001/",
              "refsource": "MISC",
              "url": "https://www.tigera.io/security-bulletins-tta-2022-001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e6d453f4-3dae-4941-bcea-9af25f4e824d",
    "assignerShortName": "Tigera",
    "cveId": "CVE-2022-28224",
    "datePublished": "2022-06-06T17:19:12.810566Z",
    "dateReserved": "2022-03-30T00:00:00",
    "dateUpdated": "2024-09-16T20:31:41.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28224\",\"sourceIdentifier\":\"psirt@tigera.io\",\"published\":\"2022-06-06T18:15:09.360\",\"lastModified\":\"2025-09-30T18:45:43.153\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.\"},{\"lang\":\"es\",\"value\":\"Los cl\u00fasteres usando Calico (versiones 3.22.1 y anteriores), Calico Enterprise (versiones 3.12.0 y anteriores), pueden ser vulnerables al secuestro de rutas con la funci\u00f3n de IP flotante. Debido a una comprobaci\u00f3n insuficiente, un atacante privilegiado puede ser capaz de establecer una anotaci\u00f3n de IP flotante a un pod incluso si la caracter\u00edstica no est\u00e1 habilitada. Esto puede permitir al atacante interceptar y redirigir el tr\u00e1fico a su pod comprometido\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@tigera.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@tigera.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-201\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*\",\"versionEndExcluding\":\"3.20.5\",\"matchCriteriaId\":\"162FAB6F-BD82-4E43-B77C-8951E2DAA134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*\",\"versionStartIncluding\":\"3.21.0\",\"versionEndExcluding\":\"3.21.5\",\"matchCriteriaId\":\"AAD77006-92F6-4BEA-95F3-799B4A2D30D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*\",\"versionStartIncluding\":\"3.22.0\",\"versionEndExcluding\":\"3.22.2\",\"matchCriteriaId\":\"84190BD4-C9DF-4DFA-A74C-2F32DCF58316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.11.4\",\"matchCriteriaId\":\"4E4832D7-F220-4771-8B01-54327CB11938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tigera:calico_enterprise:3.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F8BCF7-776F-4B3B-AE3D-3004DA243527\"}]}]}],\"references\":[{\"url\":\"https://www.tigera.io/security-bulletins-tta-2022-001/\",\"source\":\"psirt@tigera.io\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tigera.io/security-bulletins-tta-2022-001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.