Lucene search
GoogleOSV:GHSA-9394-XFQ9-6QRPHistoryJun 07, 2022 - 12:00 a.m.
Calico vulnerable to pod route hijacking
2022-06-0700:00:33
Google
osv.dev
8
calico
route hijacking
vulnerability
floating ip
insufficient validation
compromised pod
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
Related
osv
osv
CGA-9g26-x9q7-w8vh
2024-06-06 12:25:26
CGA-9hfx-wj82-qwmc
2024-06-06 12:25:46
cvelist
cvelist
github
github
Calico vulnerable to pod route hijacking
2022-06-07 00:00:33
nvd
nvd
CVE-2022-28224
2022-06-06 18:15:09
prion
prion
Input validation
2022-06-06 18:15:00
cve
cve
CVE-2022-28224
2022-06-06 18:15:09
nessus
nessus
Photon OS 3.0: Calico PHSA-2023-3.0-0631
2024-07-24 00:00:00
Photon OS 4.0: Calico PHSA-2023-4.0-0427
2024-07-24 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0631
2023-08-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0427
2023-07-14 00:00:00