VYPR
Moderate severityNVD Advisory· Published Jun 6, 2022· Updated Sep 16, 2024

Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature

CVE-2022-28224

Description

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/projectcalico/calicoGo
>= 3.22.0, < 3.22.23.22.2
github.com/projectcalico/calicoGo
>= 3.21.0, < 3.21.53.21.5
github.com/projectcalico/calicoGo
< 3.20.53.20.5

Affected products

44

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.