6

CVE-2020-10749

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version32
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.822
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 1.8 3.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
secalert@redhat.com 6 1.8 3.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
Third Party Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
Third Party Advisory
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
Third Party Advisory
Issue Tracking
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/