{"id":"CVE-2022-28224","details":"Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.","aliases":["GHSA-9394-xfq9-6qrp"],"modified":"2026-04-10T04:46:52.669999Z","published":"2022-06-06T18:15:09.360Z","related":["CGA-r99x-xv2x-g3g5"],"references":[{"type":"ADVISORY","url":"https://www.tigera.io/security-bulletins-tta-2022-001/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/projectcalico/calico","events":[{"introduced":"0"},{"fixed":"0337a6efbfe8e220be55dc3c8483a1790add0724"},{"introduced":"be5e761f5323e8d43130d22cfb76c278b202c597"},{"fixed":"1b5d26bcb621174b233fa09d4847884d599c3c54"},{"introduced":"a86e41d021c4c60e1f73d8dce396fe249d708cc7"},{"fixed":"14cf6d6ea10423b12809d868eb574a9a610916f9"},{"introduced":"0"},{"last_affected":"db9625b360f63e3835e34fdeb0386f96386d4c83"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.20.5"},{"introduced":"3.21.0"},{"fixed":"3.21.5"},{"introduced":"3.22.0"},{"fixed":"3.22.2"},{"introduced":"0"},{"last_affected":"3.12.0"}]}}],"versions":["v0.1.0-typha","v0.1.1-typha","v0.1.2-typha","v0.1.3-typha","v0.1.4-typha","v0.1.5-typha","v0.1.7-typha","v0.2.1-typha","v0.2.2-typha","v0.2.3-pre1-typha","v0.2.3-typha","v0.3.0-typha","v0.3.1-typha","v0.4.0-typha","v0.5.0-typha","v0.5.1-typha","v0.6.0-alpha1-rc1-typha","v0.6.0-alpha1-typha","v0.6.0-beta1-typha","v0.6.0-typha","v2.5.0","v2.5.0-calico","v2.5.0-rc2","v2.5.0-rc2-calico","v2.6.0","v2.6.0-calico","v2.6.0-rc1","v2.6.0-rc1-calico","v2.6.0-rc2","v2.6.0-rc2-calico","v2.6.2","v2.6.2-calico","v3.0.0","v3.0.0-alpha1-rc1","v3.0.0-alpha1-rc1-calico","v3.0.0-calico","v3.0.1","v3.0.1-calico","v3.0.12","v3.0.12-calico","v3.1.7","v3.1.7-calico","v3.10.0","v3.10.0-0.dev-typha","v3.10.0-calico","v3.10.2","v3.10.2-calico","v3.11.0-0.dev-typha","v3.11.0-typha","v3.11.1","v3.11.1-calico","v3.11.1-typha","v3.12.0-typha","v3.16.0","v3.16.0-calico","v3.16.5","v3.16.5-calico","v3.17.5","v3.17.5-calico","v3.18.1","v3.18.1-calico","v3.18.5","v3.18.5-calico","v3.2.0","v3.2.0-calico","v3.2.0-typha","v3.2.1-typha","v3.2.8","v3.2.8-calico","v3.20.1","v3.20.1-calico","v3.20.2","v3.20.2-calico","v3.20.3","v3.20.3-calico","v3.21.1","v3.21.1-calico","v3.21.2","v3.21.2-calico","v3.21.3","v3.3.0-typha","v3.3.7","v3.3.7-calico","v3.4.0-0.dev-typha","v3.4.0-typha","v3.4.1-typha","v3.5.0-0.dev-typha","v3.5.0-beta.0-typha","v3.5.0-typha","v3.5.1-typha","v3.6.0-0.dev-typha","v3.6.0-typha","v3.6.1-typha","v3.7.0-0.dev-typha","v3.8.0-0.dev-typha","v3.8.5","v3.8.5-calico","v3.9.0","v3.9.0-0.dev-typha","v3.9.0-calico","v3.9.4","v3.9.4-calico"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28224.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.11.4"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H"}]}