CVE-2022-28224: 
Linux Photon vulnerability analysis and mitigation

Clusters using Calico (version 3.22.1 and below) and Calico Enterprise (version 3.12.0 and below) were identified to contain a vulnerability related to route hijacking with the floating IP feature. The vulnerability was assigned CVE-2022-28224 and was disclosed on June 27, 2022. The issue affects Calico's networking and security components in Kubernetes environments (Tigera Advisory).

The vulnerability stems from insufficient validation in the floating IP feature implementation. It received a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H. The issue is classified under CWE-20 (Improper Input Validation), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), and CWE-201 (Insertion of Sensitive Information Into Sent Data) (NVD).

When exploited, this vulnerability allows an attacker to intercept and reroute traffic to their compromised pod. The routing will remain affected until the annotated pod is destroyed or the annotation is removed. This creates a potential for traffic manipulation and service disruption within the cluster (Tigera Advisory).

The vulnerability has been patched in multiple versions: Calico Enterprise v3.13.0 and above, v3.12.1, v3.11.4, and Calico OS v3.22.2 and above, v3.21.5, v3.20.5. Organizations should review their Kubernetes RBAC configurations and audit access to pod annotation permissions. Additionally, they should review running pods to identify if unauthorized floating IP annotations are present (Tigera Advisory).

The vulnerability was initially reported by Aloys Augustin from Cisco, with additional analysis provided by Yuval Avrahami. The security community acknowledged the responsible disclosure and the swift response in providing patches across multiple versions (Tigera Advisory).