CVE-2020-10749
- EPSS 3.6%
- Published 03.06.2020 14:15:12
- Last modified 21.11.2024 04:55:59
- Source secalert@redhat.com
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Data is provided by the National Vulnerability Database (NVD)
Linuxfoundation ≫ Cni Network Plugins Version < 0.8.6
Redhat ≫ Openshift Container Platform Version 4.0
Fedoraproject ≫ Fedora Version 32
Redhat ≫ Enterprise Linux Version 7.0
Redhat ≫ Enterprise Linux Version 8.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 3.6% | 0.867 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6 | 1.8 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
nvd@nist.gov | 6 | 6.8 | 6.4 | AV:N/AC:M/Au:S/C:P/I:P/A:P |
secalert@redhat.com | 6 | 1.8 | 3.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
CWE-300 Channel Accessible by Non-Endpoint
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.