Moderate severityNVD Advisory· Published Jun 6, 2022· Updated Sep 16, 2024
Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature
CVE-2022-28224
Description
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/projectcalico/calicoGo | >= 3.22.0, < 3.22.2 | 3.22.2 |
github.com/projectcalico/calicoGo | >= 3.21.0, < 3.21.5 | 3.21.5 |
github.com/projectcalico/calicoGo | < 3.20.5 | 3.20.5 |
Affected products
44- osv-coords42 versionspkg:apk/chainguard/calicopkg:apk/chainguard/calico-apiserverpkg:apk/chainguard/calico-app-policypkg:apk/chainguard/calico-cnipkg:apk/chainguard/calico-cni-compatpkg:apk/chainguard/calico-cni-fips-compatpkg:apk/chainguard/calicoctlpkg:apk/chainguard/calicoctl-fipspkg:apk/chainguard/calico-felixpkg:apk/chainguard/calico-fipspkg:apk/chainguard/calico-fips-apiserverpkg:apk/chainguard/calico-fips-app-policypkg:apk/chainguard/calico-fips-cnipkg:apk/chainguard/calico-fips-felixpkg:apk/chainguard/calico-fips-key-cert-provisionerpkg:apk/chainguard/calico-fips-kube-controllerspkg:apk/chainguard/calico-fips-nodepkg:apk/chainguard/calico-fips-pod2daemonpkg:apk/chainguard/calico-fips-typha-clientpkg:apk/chainguard/calico-fips-typhadpkg:apk/chainguard/calico-key-cert-provisionerpkg:apk/chainguard/calico-kube-controllerspkg:apk/chainguard/calico-nodepkg:apk/chainguard/calico-pod2daemonpkg:apk/chainguard/calico-pod2daemon-flexvol-compatpkg:apk/chainguard/calico-typha-clientpkg:apk/chainguard/calico-typhadpkg:apk/wolfi/calicopkg:apk/wolfi/calico-apiserverpkg:apk/wolfi/calico-app-policypkg:apk/wolfi/calico-cnipkg:apk/wolfi/calico-cni-compatpkg:apk/wolfi/calicoctlpkg:apk/wolfi/calico-felixpkg:apk/wolfi/calico-key-cert-provisionerpkg:apk/wolfi/calico-kube-controllerspkg:apk/wolfi/calico-nodepkg:apk/wolfi/calico-pod2daemonpkg:apk/wolfi/calico-pod2daemon-flexvol-compatpkg:apk/wolfi/calico-typha-clientpkg:apk/wolfi/calico-typhadpkg:golang/github.com/projectcalico/calico
< 0+ 41 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 3.22.0, < 3.22.2
- Range: unspecified
- Tigera/Calico Enterprisev5Range: unspecified
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-9394-xfq9-6qrpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-28224ghsaADVISORY
- www.tigera.io/security-bulletins-tta-2022-001ghsaWEB
- www.tigera.io/security-bulletins-tta-2022-001/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.