Description

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker with local access to a Kubernetes node can escalate privileges through a flaw in the Calico CNI install binary. The binary carries an incorrectly configured SUID (Set User ID) bit, so it runs with the privileges of its owner rather than those of the invoking user; combined with the attacker's ability to control the input binary, this allows an arbitrary binary to be executed with elevated privileges.
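A quick host-side check for the condition the advisory describes (a CNI binary carrying the setuid bit). This is an added example, not code from the advisory or from the Calico project; the default directory /opt/cni/bin is the conventional host location for CNI plugin binaries and is an assumption here, so pass the directory your nodes actually use.

```sh
#!/bin/sh
# Added example: report files under a CNI plugin directory that carry the
# setuid bit. /opt/cni/bin is assumed as the default; it is not taken from
# the advisory.

# List every regular file under DIR whose mode includes the setuid bit
# (octal 4000), printed in ls -l form so the owner is visible too.
find_suid_files() {
    dir="${1:-/opt/cni/bin}"
    [ -d "$dir" ] || return 2
    # -perm -4000 matches any mode that has the setuid bit set, whatever
    # the other permission bits are.
    find "$dir" -type f -perm -4000 -exec ls -ld {} \;
}

# Exit 0 when no setuid file is present under DIR, 1 when at least one is,
# and 2 when DIR does not exist (so a missing directory is never read as
# "clean").
check_no_suid() {
    dir="${1:-/opt/cni/bin}"
    if [ ! -d "$dir" ]; then
        echo "check_no_suid: no such directory: $dir" >&2
        return 2
    fi
    if [ -n "$(find_suid_files "$dir")" ]; then
        echo "setuid binaries found under $dir:" >&2
        find_suid_files "$dir" >&2
        return 1
    fi
    return 0
}
```

Run it as `check_no_suid /opt/cni/bin` on each node (or via a DaemonSet with the host path mounted); a non-zero exit lists the offending files. A setuid bit on a CNI installer is never expected, so any hit is worth investigating regardless of the Calico version in use.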

INFO

Published Date: 2024-04-29T22:19:06.908Z
Last Modified: 2024-08-02T02:36:04.113Z
Source: Tigera

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-33522 vulnerability.

Vendors Products
Tigera
  • Calico
  • Calico Cloud
  • Calico Enterprise

CVSS Vulnerability Scoring System

CVSS vector components:
  • Attack Vector
  • Attack Complexity
  • Privileges Required
  • User Interaction
  • Scope
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact