CVE-2020-10749
published 2020-06-03CVE-2020-10749: A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to…
medium6CVSS 3.1
AVNACHPRLUINSCCLILAL
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-github-containernetworking-plugins | < golang-github-containernetworking-plugins 0.8.6-1 (bookworm) | golang-github-containernetworking-plugins 0.8.6-1 (bookworm) |
| fedoraproject | fedora | — | — |
| github.com | containernetworking_plugins | >= 0 < 0.8.6 | 0.8.6 |
| linuxfoundation | cni_network_plugins | < 0.8.6 | 0.8.6 |
| red_hat | containernetworking_plugins | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvdv3.16.0MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
osv6.0MEDIUM