CVE-2022-28224

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

CVSS v3 5.5 MEDIUM
CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.tigera.io/security-bulletins-tta-2022-001/	Vendor Advisory
https://www.tigera.io/security-bulletins-tta-2022-001/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tigera:calico:::::open_source:::*
	cpe:2.3:a:tigera:calico:::::open_source:::*
	cpe:2.3:a:tigera:calico:::::open_source:::*
	cpe:2.3:a:tigera:calico_enterprise::::::::
	cpe:2.3:a:tigera:calico_enterprise:3.12.0:::::::*

History

30 Sep 2025, 18:45

Type	Values Removed	Values Added
First Time		Tigera calico
CPE	cpe:2.3:o:tigera:calico_os::::::::	cpe:2.3:a:tigera:calico:::::open_source:::*

21 Nov 2024, 06:56

Type	Values Removed	Values Added
References	~~() https://www.tigera.io/security-bulletins-tta-2022-001/ - Vendor Advisory~~	() https://www.tigera.io/security-bulletins-tta-2022-001/ - Vendor Advisory

Information

Published : 2022-06-06 18:15

Updated : 2025-09-30 18:45

NVD link : CVE-2022-28224

Mitre link : CVE-2022-28224

CVE.ORG link : CVE-2022-28224

JSON object : View

Products Affected

tigera

calico_enterprise
calico

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-201

Insertion of Sensitive Information Into Sent Data

CWE-20

Improper Input Validation

{"id": "CVE-2022-28224", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@tigera.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2022-06-06T18:15:09.360", "references": [{"url": "https://www.tigera.io/security-bulletins-tta-2022-001/", "tags": ["Vendor Advisory"], "source": "psirt@tigera.io"}, {"url": "https://www.tigera.io/security-bulletins-tta-2022-001/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@tigera.io", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-201"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod."}, {"lang": "es", "value": "Los cl\u00fasteres usando Calico (versiones 3.22.1 y anteriores), Calico Enterprise (versiones 3.12.0 y anteriores), pueden ser vulnerables al secuestro de rutas con la funci\u00f3n de IP flotante. Debido a una comprobaci\u00f3n insuficiente, un atacante privilegiado puede ser capaz de establecer una anotaci\u00f3n de IP flotante a un pod incluso si la caracter\u00edstica no est\u00e1 habilitada. Esto puede permitir al atacante interceptar y redirigir el tr\u00e1fico a su pod comprometido"}], "lastModified": "2025-09-30T18:45:43.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "162FAB6F-BD82-4E43-B77C-8951E2DAA134", "versionEndExcluding": "3.20.5"}, {"criteria": "cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD77006-92F6-4BEA-95F3-799B4A2D30D0", "versionEndExcluding": "3.21.5", "versionStartIncluding": "3.21.0"}, {"criteria": "cpe:2.3:a:tigera:calico:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "84190BD4-C9DF-4DFA-A74C-2F32DCF58316", "versionEndExcluding": "3.22.2", "versionStartIncluding": "3.22.0"}, {"criteria": "cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4832D7-F220-4771-8B01-54327CB11938", "versionEndExcluding": "3.11.4"}, {"criteria": "cpe:2.3:a:tigera:calico_enterprise:3.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F8BCF7-776F-4B3B-AE3D-3004DA243527"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@tigera.io"}