CVE-2022-28224

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

CVSS v3 5.5 MEDIUM
CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.tigera.io/security-bulletins-tta-2022-001/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tigera:calico_enterprise::::::::
	cpe:2.3:a:tigera:calico_enterprise:3.12.0:::::::*
	cpe:2.3:o:tigera:calico_os::::::::
	cpe:2.3:o:tigera:calico_os::::::::
	cpe:2.3:o:tigera:calico_os::::::::

History

No history.

Information

Published : 2022-06-06 18:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-28224

Mitre link : CVE-2022-28224

CVE.ORG link : CVE-2022-28224

JSON object : View

Products Affected

tigera

calico_enterprise
calico_os

CWE

CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-201

Insertion of Sensitive Information Into Sent Data

{"id": "CVE-2022-28224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "psirt@tigera.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2022-06-06T18:15:09.360", "references": [{"url": "https://www.tigera.io/security-bulletins-tta-2022-001/", "tags": ["Vendor Advisory"], "source": "psirt@tigera.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "psirt@tigera.io", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."}, {"lang": "es", "value": "Los cl\u00fasteres usando Calico (versiones 3.22.1 y anteriores), Calico Enterprise (versiones 3.12.0 y anteriores), pueden ser vulnerables al secuestro de rutas con la funci\u00f3n de IP flotante. Debido a una comprobaci\u00f3n insuficiente, un atacante privilegiado puede ser capaz de establecer una anotaci\u00f3n de IP flotante a un pod incluso si la caracter\u00edstica no est\u00e1 habilitada. Esto puede permitir al atacante interceptar y redirigir el tr\u00e1fico a su pod comprometido"}], "lastModified": "2022-06-14T15:32:32.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4832D7-F220-4771-8B01-54327CB11938", "versionEndExcluding": "3.11.4"}, {"criteria": "cpe:2.3:a:tigera:calico_enterprise:3.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F8BCF7-776F-4B3B-AE3D-3004DA243527"}, {"criteria": "cpe:2.3:o:tigera:calico_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A57465D-F482-4BF7-9250-B36F91743FD9", "versionEndExcluding": "3.20.5"}, {"criteria": "cpe:2.3:o:tigera:calico_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "620C1B05-AAF2-4033-9EA9-79ECF60715DD", "versionEndExcluding": "3.21.5", "versionStartIncluding": "3.21.0"}, {"criteria": "cpe:2.3:o:tigera:calico_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865171A1-8726-446C-8545-609E9D154A42", "versionEndExcluding": "3.22.2", "versionStartIncluding": "3.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@tigera.io"}