CVE-2020-11091MEDIUMCVSS 5.8fixed in 2.6.32020-06-03
CVE-2020-11091 [MEDIUM] CVE-2020-11091: In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or conf
nvd