6
CVE-2020-13597
- EPSS 0.21%
- Veröffentlicht 03.06.2020 17:15:24
- Zuletzt bearbeitet 21.11.2024 05:01:35
- Quelle psirt@tigera.io
- CVE-Watchlists
- Unerledigt
LoginClusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Projectcalico ≫ Calico SwEditionenterprise Version <= 2.6.2
Projectcalico ≫ Calico Version <= 3.8.8
Projectcalico ≫ Calico SwEditionenterprise Version >= 2.7.0 <= 2.7.4
Projectcalico ≫ Calico SwEditionenterprise Version >= 2.8.0 <= 2.8.2
Projectcalico ≫ Calico Version >= 3.9.0 <= 3.9.5
Projectcalico ≫ Calico Version >= 3.10.0 <= 3.10.3
Projectcalico ≫ Calico Version >= 3.11.0 <= 3.11.2
Projectcalico ≫ Calico Version >= 3.12.0 <= 3.12.1
Projectcalico ≫ Calico Version >= 3.13.0 <= 3.13.3
Projectcalico ≫ Calico Version3.14.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.44 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 1.8 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:N/AC:H/Au:S/C:P/I:N/A:N
|
| psirt@tigera.io | 6 | 1.8 | 3.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.