Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature
Vulnerability Description
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
信息暴露
Vulnerability Title
Tigera Calico 输入验证错误漏洞
Vulnerability Description
Tigera Calico是美国Tigera公司的一套针对容器、虚拟机和主机工作负载的开源网络安全解决方案。 Tigera Calico 3.22.1版本及之前版本、Calico Enterprise 3.12.0版本及之前版本存在安全漏洞,该漏洞源于容易受到浮动 IP 功能的路由劫持。攻击者利用该漏洞拦截流量。
CVSS Information
N/A
Vulnerability Type
N/A