CVE-2022-28224: Improper Input Validation

June 7, 2022 (updated February 2, 2024)

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

References

github.com/advisories/GHSA-9394-xfq9-6qrp
nvd.nist.gov/vuln/detail/CVE-2022-28224
www.tigera.io/security-bulletins-tta-2022-001/

Code Behaviors & Features

Detect and mitigate CVE-2022-28224 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →