CVE-2020-10749
MEDIUM 6.0
Description
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
CVE Details
CVSS v3.1 score: 6.0
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack vector: NETWORK
Complexity: HIGH
Privileges required: LOW
User interaction: NONE
Published: 6/3/2020
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
fedoraproject:fedora
linuxfoundation:cni_network_plugins
redhat:enterprise_linux
redhat:openshift_container_platform
Weaknesses (CWE)
CWE-300
References
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749 (secalert@redhat.com)
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8 (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/ (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.