| Description | Severity | Notes |
|---|---|---|
Calico Enterprise & Calico OS are vulnerable to pod route hijackingReference: TTA-2022-001 Date published: 2022-June-1 |
Medium | N/A |
Description
Customers running Calico Enterprise and Calico OS are vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker is able to set a floating IP annotation to a pod even if the feature is not enabled. This allows the attacker to intercept and reroute traffic to their compromised pod.
CVE-2022-28224 has been assigned to this vulnerability.
Severity
MEDIUM
The validation on using floating IP can be bypassed by annotating the pod directly after pod creation. The routing will be reverted when the annotated pod is destroyed or the annotation is removed. This vulnerability requires the Kubernetes RBAC permission of [“patch”, “pods”] to annotate pods.
Affected Releases
- Calico Enterprise v3.12 and below
- Calico OS v3.22 and below
Indicators of Impact/Compromise
Review running pods and identify if floating IP annotations are present.
Workaround / Remediation
Review Kubernetes RBAC and review access to [“patch”, “pods”].
Fixed Software
- Calico Enterprise
- V3.13.0 and above
- v3.12.1
- v3.11.4
- Calico OS
- V3.22.2 and above
- v3.21.5
- v.3.20.5
Acknowledgment
We would like to acknowledge Aloys Augustin from Cisco for reporting this issue.
Return to List