Weaveworks Weave vulnerabilities

3 known vulnerabilities affecting weaveworks/weave.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2020-26278 | HIGH | CVSS 8.0 | fixed in 2.8.0 | 2021-01-20
CVE-2020-26278 [MEDIUM] CWE-250: Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a
Sources: cvelistv5, nvd

CVE-2020-11091 | HIGH | CVSS 8.1 | fixed in 2.6.3 | 2020-06-03
CVE-2020-11091 [HIGH] CWE-350: Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements. In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on
Sources: cvelistv5

CVE-2019-3462 | HIGH | CVSS 8.1 | fixed in 2.6.3 | 2019-01-28
CVE-2019-3462 [HIGH] CWE-350: Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Sources: nvd