ID CVE-2020-10749
Summary A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6 that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers to redirect traffic to the malicious container.
References
Vulnerable Configurations
  • cpe:2.3:a:linuxfoundation:cni_network_plugins:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 14-03-2023 - 15:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
redhat via4
rpms
  • containernetworking-plugins-0:0.8.6-1.rhaos4.4.el7
  • containernetworking-plugins-0:0.8.6-1.rhaos4.4.el8
  • containernetworking-plugins-debuginfo-0:0.8.6-1.rhaos4.4.el7
  • containernetworking-plugins-debuginfo-0:0.8.6-1.rhaos4.4.el8
  • containernetworking-plugins-debugsource-0:0.8.6-1.rhaos4.4.el8
  • containernetworking-plugins-0:0.8.6-1.rhaos4.3.el7
  • containernetworking-plugins-0:0.8.6-1.rhaos4.3.el8
  • containernetworking-plugins-debuginfo-0:0.8.6-1.rhaos4.3.el7
  • containernetworking-plugins-debuginfo-0:0.8.6-1.rhaos4.3.el8
  • containernetworking-plugins-debugsource-0:0.8.6-1.rhaos4.3.el8
  • containernetworking-plugins-0:0.8.6-1.rhaos4.2.el7
  • containernetworking-plugins-0:0.8.6-1.rhaos4.2.el8
  • containernetworking-plugins-debuginfo-0:0.8.6-1.rhaos4.2.el7
  • containernetworking-plugins-debuginfo-0:0.8.6-1.rhaos4.2.el8
  • containernetworking-plugins-debugsource-0:0.8.6-1.rhaos4.2.el8
  • containernetworking-plugins-0:0.8.3-3.el7_8
  • containernetworking-plugins-debuginfo-0:0.8.3-3.el7_8
  • buildah-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-debuginfo-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-debugsource-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-tests-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • buildah-tests-debuginfo-0:1.15.1-2.module+el8.3.0+8221+97165c3f
  • cockpit-podman-0:18.1-2.module+el8.3.0+8221+97165c3f
  • conmon-2:2.0.20-2.module+el8.3.0+8221+97165c3f
  • container-selinux-2:2.144.0-1.module+el8.3.0+8221+97165c3f
  • containernetworking-plugins-0:0.8.6-2.module+el8.3.0+8221+97165c3f
  • containernetworking-plugins-debuginfo-0:0.8.6-2.module+el8.3.0+8221+97165c3f
  • containernetworking-plugins-debugsource-0:0.8.6-2.module+el8.3.0+8221+97165c3f
  • containers-common-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • crit-0:3.14-2.module+el8.3.0+8221+97165c3f
  • criu-0:3.14-2.module+el8.3.0+8221+97165c3f
  • criu-debuginfo-0:3.14-2.module+el8.3.0+8221+97165c3f
  • criu-debugsource-0:3.14-2.module+el8.3.0+8221+97165c3f
  • crun-0:0.14.1-2.module+el8.3.0+8221+97165c3f
  • crun-debuginfo-0:0.14.1-2.module+el8.3.0+8221+97165c3f
  • crun-debugsource-0:0.14.1-2.module+el8.3.0+8221+97165c3f
  • fuse-overlayfs-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • fuse-overlayfs-debuginfo-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • fuse-overlayfs-debugsource-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • libslirp-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • libslirp-debuginfo-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • libslirp-debugsource-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • libslirp-devel-0:4.3.1-1.module+el8.3.0+8221+97165c3f
  • oci-seccomp-bpf-hook-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • oci-seccomp-bpf-hook-debuginfo-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • oci-seccomp-bpf-hook-debugsource-0:1.1.2-3.module+el8.3.0+8221+97165c3f
  • podman-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-catatonit-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-catatonit-debuginfo-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-debuginfo-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-debugsource-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-docker-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-remote-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-remote-debuginfo-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • podman-tests-0:2.0.5-5.module+el8.3.0+8221+97165c3f
  • python-podman-api-0:1.2.0-0.2.gitd0a45fe.module+el8.3.0+8221+97165c3f
  • python3-criu-0:3.14-2.module+el8.3.0+8221+97165c3f
  • runc-0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
  • runc-debuginfo-0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
  • runc-debugsource-0:1.0.0-68.rc92.module+el8.3.0+8221+97165c3f
  • skopeo-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • skopeo-debuginfo-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • skopeo-debugsource-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • skopeo-tests-1:1.1.1-3.module+el8.3.0+8221+97165c3f
  • slirp4netns-0:1.1.4-2.module+el8.3.0+8221+97165c3f
  • slirp4netns-debuginfo-0:1.1.4-2.module+el8.3.0+8221+97165c3f
  • slirp4netns-debugsource-0:1.1.4-2.module+el8.3.0+8221+97165c3f
  • toolbox-0:0.0.8-1.module+el8.3.0+8221+97165c3f
  • udica-0:0.2.2-1.module+el8.3.0+8221+97165c3f
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
fedora FEDORA-2021-ccb8a9c403
misc https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
suse
  • openSUSE-SU-2020:1049
  • openSUSE-SU-2020:1050
Last major update 14-03-2023 - 15:35
Published 03-06-2020 - 14:15
Last modified 14-03-2023 - 15:35