GHSA-9394-xfq9-6qrp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9394-xfq9-6qrp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-9394-xfq9-6qrp/GHSA-9394-xfq9-6qrp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9394-xfq9-6qrp
- Aliases
- Related
- Published
- 2022-06-07T00:00:33Z
- Modified
- 2025-09-30T22:09:35Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
- Summary
- Calico vulnerable to pod route hijacking
- Details
-
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
- Database specific
{ "severity": "MODERATE", "cwe_ids": [ "CWE-20", "CWE-200" ], "github_reviewed_at": "2024-02-02T20:16:57Z", "nvd_published_at": "2022-06-06T18:15:00Z", "github_reviewed": true }- References
Affected packages
Go / github.com/projectcalico/calico
Package
- Name
- github.com/projectcalico/calico
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/projectcalico/calico
Go / github.com/projectcalico/calico
Package
- Name
- github.com/projectcalico/calico
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/projectcalico/calico
Go / github.com/projectcalico/calico
Package
- Name
- github.com/projectcalico/calico
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/projectcalico/calico