GHSA-pf59-j7c2-rh6x

Source

https://github.com/advisories/GHSA-pf59-j7c2-rh6x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-pf59-j7c2-rh6x/GHSA-pf59-j7c2-rh6x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pf59-j7c2-rh6x

Aliases

CVE-2020-13597

Related

Published

2022-02-15T01:57:18Z

Modified

2024-05-22T16:49:10Z

Severity

6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator

Summary

Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico

Details

Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.

Database specific

{
    "nvd_published_at": "2020-06-03T17:15:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-201"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-14T16:27:14Z"
}

References

Affected packages

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

3.14.0

Fixed

3.14.1

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

3.13.0

Fixed

3.13.4

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

3.12.0

Fixed

3.12.2

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

3.11.0

Fixed

3.11.3

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

3.10.0

Fixed

3.10.4

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

3.9.0

Fixed

3.9.6

Go / github.com/projectcalico/calico

Package

Name: github.com/projectcalico/calico; View open source insights on deps.dev
Purl: pkg:golang/github.com/projectcalico/calico

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.9