PT-2022-18888 · Calico +1

Aloys Augustin +1 · Published 2022-06-06 · Updated 2025-09-30 · CVE-2022-28224

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: Calico versions 3.22.1 and below; Calico Enterprise versions 3.12.0 and below
Description: The issue stems from insufficient validation in the floating IP feature, which may allow a privileged attacker to set a floating IP annotation on a pod even when the feature is not enabled. This could let the attacker intercept and reroute traffic to a pod under their control.
Recommendations: For Calico versions 3.22.1 and below, consider disabling the floating IP feature until a patch is available. For Calico Enterprise versions 3.12.0 and below, restrict access to the floating IP annotation to minimize the risk of exploitation.
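As an added defender-side check (not part of this advisory or of Calico's own code), the audit below lists every pod that carries the floating IP annotation, so that unexpected occurrences stand out while the feature is disabled; the annotation key is taken from Calico's documentation and the pod list is a constructed sample in the shape of `kubectl get pods -A -o json`.

```python
import json
from ipaddress import ip_address

# Calico's pod annotation for requesting floating IPs (key assumed from the
# Calico docs; confirm it against the version you run).
FLOATING_IP_ANNOTATION = "cni.projectcalico.org/floatingIPs"

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE_POD_LIST = {
    "items": [
        {"metadata": {"namespace": "web", "name": "frontend-1",
                      "annotations": {"app": "frontend"}}},
        {"metadata": {"namespace": "payments", "name": "gw-0",
                      "annotations": {FLOATING_IP_ANNOTATION: '["198.51.100.10"]'}}},
        {"metadata": {"namespace": "dev", "name": "scratch",
                      "annotations": {FLOATING_IP_ANNOTATION: "not-json"}}},
    ]
}

def audit_floating_ip_annotations(pod_list, feature_enabled=False):
    """Return one finding per pod that carries the floating IP annotation.

    With the feature disabled cluster-wide (the advisory's mitigation), any
    occurrence is unexpected and flagged "high"; otherwise it is listed for
    review so the set of pods claiming floating IPs can be checked.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        raw = (meta.get("annotations") or {}).get(FLOATING_IP_ANNOTATION)
        if raw is None:
            continue
        try:
            ips = [str(ip_address(i)) for i in json.loads(raw)]
            parse_ok = True
        except (ValueError, TypeError):
            ips, parse_ok = [], False   # malformed value: still worth a look
        findings.append({
            "namespace": meta.get("namespace"),
            "name": meta.get("name"),
            "floating_ips": ips,
            "parse_ok": parse_ok,
            "severity": "high" if not feature_enabled else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in audit_floating_ip_annotations(SAMPLE_POD_LIST):
        print(finding)
```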

Fix · Information Disclosure · RCE

Related Identifiers

CVE-2022-28224
GHSA-9394-XFQ9-6QRP

Affected Products

Calico
Calico Enterprise