First published: Fri May 08 2020
A vulnerability was found in affected container networking implementations that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending “rogue” IPv6 router advertisements to the host or other containers to redirect traffic to the malicious container.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/containernetworking/plugins | <0.8.6 | 0.8.6 |
redhat/containernetworking/plugins | <0.8.6 | 0.8.6 |
redhat/containernetworking-plugins | <0:0.8.3-3.el7_8 | 0:0.8.3-3.el7_8 |
redhat/containernetworking-plugins | <0:0.8.6-1.rhaos4.2.el7 | 0:0.8.6-1.rhaos4.2.el7 |
redhat/containernetworking-plugins | <0:0.8.6-1.rhaos4.3.el8 | 0:0.8.6-1.rhaos4.3.el8 |
redhat/containernetworking-plugins | <0:0.8.6-1.rhaos4.4.el8 | 0:0.8.6-1.rhaos4.4.el8 |
Linuxfoundation Cni Network Plugins | <0.8.6 | |
Redhat Openshift Container Platform | =4.0 | |
Fedoraproject Fedora | =32 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Prevent untrusted, non-privileged containers from running with CAP_NET_RAW.
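One way to audit the mitigation above, as an added example that is not part of the original advisory: the script reports every container whose spec would still leave NET_RAW available, given pod JSON in the shape that `kubectl get pods -A -o json` returns. It assumes the container runtime's default capability set includes NET_RAW (Docker's does); the function names and the sample pods are constructed for illustration.

```python
# Added example, not from the advisory. Assumption: the runtime grants NET_RAW
# by default, so a container keeps it unless its spec drops it.

def retains_net_raw(container):
    """Return True if this container spec leaves NET_RAW available."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged"):
        return True  # privileged containers receive every capability
    caps = sc.get("capabilities") or {}
    # Kubernetes capability names are written without the CAP_ prefix.
    added = {c.upper() for c in caps.get("add") or []}
    dropped = {c.upper() for c in caps.get("drop") or []}
    if added & {"NET_RAW", "ALL"}:
        return True  # conservative: any explicit re-add is reported
    return not (dropped & {"NET_RAW", "ALL"})

def audit(pod_list):
    """Return (namespace, pod, container) for each container retaining NET_RAW."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for key in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(key) or []:
                if retains_net_raw(c):
                    findings.append((meta.get("namespace"), meta.get("name"), c.get("name")))
    return findings

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "tenant-a", "name": "web"},
     "spec": {"containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "tenant-a", "name": "api"},
     "spec": {"containers": [{"name": "svc", "securityContext": {
         "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}}]}},
    {"metadata": {"namespace": "tenant-b", "name": "probe"},
     "spec": {"containers": [{"name": "ping", "securityContext": {
         "capabilities": {"drop": ["ALL"], "add": ["NET_RAW"]}}}]}},
    {"metadata": {"namespace": "tenant-b", "name": "debug"},
     "spec": {"initContainers": [{"name": "setup", "securityContext": {"privileged": True}}],
              "containers": [{"name": "shell", "securityContext": {
                  "capabilities": {"drop": ["NET_RAW"]}}}]}},
]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("retains NET_RAW: %s/%s container %s" % finding)
```

A container with no `securityContext` at all is reported, because the runtime default applies unless the spec drops `NET_RAW` or `ALL`.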
The vulnerability ID of this vulnerability is CVE-2020-10749.
CVE-2020-10749 has a severity level of medium.
All versions of containernetworking/plugins before version 0.8.6 are affected by CVE-2020-10749.
A malicious container can exploit CVE-2020-10749 by sending rogue IPv6 router advertisements to the host.
You can find more information about CVE-2020-10749 at the following references: [Link 1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1833219), [Link 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1833215), [Link 3](https://github.com/containernetworking/plugins/pull/484).