CVE-2020-10749 MEDIUM

CVE-2020-10749

Vendor Red Hat
Product containernetworking/plugins
Weakness CWE-300
Published June 3, 2020
Last update August 4, 2024

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Key dates

02Disclosure timeline

June 3, 2020 CVE published
August 4, 2024 Record updated