CVE-2022-28224

ADVISORY - github

Summary

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

EPSS Score⁠: 0.0028 (0.510)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

CWE-201⁠

Insertion of Sensitive Information Into Sent Data

ADVISORY - github

CWE-20⁠

Improper Input Validation

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20⁠

Improper Input Validation

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

4 years ago

UPDATED

5 months ago

ADVISORY IDCVE-2022-28224⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠CWE-200⁠CWE-201⁠

CVSS SCORE

5.5medium

GitHub

CREATED

4 years ago

UPDATED

5 months ago

ADVISORY IDGHSA-9394-xfq9-6qrp⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠CWE-200⁠

CVSS SCORE

5.5medium

GitLab

CREATED

4 years ago

UPDATED

5 months ago

ADVISORY ID

CVE-2022-28224

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-20⁠CWE-200⁠CWE-937⁠

CVSS SCORE

5.5medium

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-9g26-x9q7-w8vh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-9hfx-wj82-qwmc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-r99x-xv2x-g3g5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 year ago

UPDATED

6 months ago

ADVISORY ID

CVE-2022-28224

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium