Description
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration on that binary, combined with the attacker's ability to control the input binary it operates on, which allows an arbitrary binary to be executed with elevated privileges.
References (4)
Issue tracking (exploit): https://github.com/projectcalico/calico/issues/7981
Issue tracking (patch): https://github.com/projectcalico/calico/pull/8447
Issue tracking (patch): https://github.com/projectcalico/calico/pull/8517
Vendor advisory (various sources): https://www.tigera.io/security-bulletins-tta-2024-001/
Scores
CVSS v3: 6.7
EPSS: 0.0022
EPSS Percentile: 12.2%
Attack Vector: LOCAL
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-269
Status: published
Products (8)
projectcalico/calico: 0 - 3.26.5 (Go)
Tigera/Calico: < v3.26.5
Tigera/Calico: v3.27.0 - v3.27.3
Tigera/Calico: v3.28.0
Tigera/Calico Cloud: < v19.3.0
Tigera/Calico Enterprise: < v3.17.4
Tigera/Calico Enterprise: v3.18.0 - v3.18.2
Tigera/Calico Enterprise: v3.19.0-1.0 - v3.19.0-2.0
Published: Apr 29, 2024
Tracked Since: Feb 18, 2026