CVE-2020-11091: Reliance on Reverse DNS Resolution for a Security-Critical Action in Weave

Severity
NVD: 5.8 MEDIUM
CNA: 8.1 | GHSA: 8.1 | OSV: 8.1
EPSS: 0.2% (top 62.19%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 3
Latest update: Aug 21

Description

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that IPv6 forwarding is disabled, i.e. /proc/sys/net/ipv6/conf//forwarding == 0. Also by def

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Exploitability: 1.3 | Impact: 4.0

Affected Packages (3 packages)

NVD: weave/weave_net < 2.6.3
CVEListV5: weaveworks/weave < 2.6.3

Patches

Vulnerability Details (4)

OSV: Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave (2024-08-21)
OSV: Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements (2021-05-27)
GHSA: Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements (2021-05-27)
CVEList: Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements (2020-06-03)
CVE-2020-11091 — Weaveworks Weave vulnerability | cvebase