QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10749

Published: Jun 3, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

6.0

MEDIUM

Description

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Vendor	Product	Versions
Red Hat	containernetworking/plugins	affected `all containernetworking/plugins versions before version 0.8.6`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8

x_refsource_MISC

openSUSE-SU-2020:1049

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1050

vendor-advisory

x_refsource_SUSE

FEDORA-2021-ccb8a9c403

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.