{"containers": {"cna": {"affected": [{"product": "containernetworking/plugins", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "all containernetworking/plugins versions before version 0.8.6"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-300", "description": "CWE-300", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-10T03:06:06", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8"}, {"name": "openSUSE-SU-2020:1049", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html"}, {"name": "openSUSE-SU-2020:1050", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html"}, {"name": "FEDORA-2021-ccb8a9c403", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10749", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "containernetworking/plugins", "version": {"version_data": [{"version_value": "all containernetworking/plugins versions before version 0.8.6"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container."}]}, "impact": {"cvss": [[{"vectorString": "6/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-300"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749"}, {"name": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8", "refsource": "MISC", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"}, {"name": "openSUSE-SU-2020:1049", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html"}, {"name": "openSUSE-SU-2020:1050", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html"}, {"name": "FEDORA-2021-ccb8a9c403", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:15.590Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8"}, {"name": "openSUSE-SU-2020:1049", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html"}, {"name": "openSUSE-SU-2020:1050", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html"}, {"name": "FEDORA-2021-ccb8a9c403", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10749", "datePublished": "2020-06-03T13:45:39", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:15.590Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:cni_network_plugins:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3087899-12A3-45CA-9125-70DA2F255534", "versionEndExcluding": "0.8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en todas las versiones de containernetworking/plugins versiones anteriores a 0.8.6, que permite a contenedores maliciosos en los grupos de Kubernetes llevar a cabo ataques de tipo man-in-the-middle (MitM). Un contenedor malicioso puede explotar este fallo mediante el env\u00edo de anuncios de enrutadores IPv6 falsos al host u otros contenedores, para redireccionar el tr\u00e1fico al contenedor malicioso."}], "id": "CVE-2020-10749", "lastModified": "2023-11-07T03:14:19.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-06-03T14:15:12.470", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749"}, {"source": "secalert@redhat.com", "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-300"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Etienne Champetier as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:2684", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "containernetworking-plugins-0:0.8.3-3.el7_8", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2020-06-23T00:00:00Z"}, {"advisory": "RHSA-2020:4694", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8030020200923153805.2a301c24", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:2592", "cpe": "cpe:/a:redhat:openshift:4.2::el7", "package": "containernetworking-plugins-0:0.8.6-1.rhaos4.2.el8", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2020-07-01T00:00:00Z"}, {"advisory": "RHSA-2020:2443", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "containernetworking-plugins-0:0.8.6-1.rhaos4.3.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHSA-2020:2403", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "containernetworking-plugins-0:0.8.6-1.rhaos4.4.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHSA-2020:2412", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "openshift4/ose-multus-cni:v4.5.0-202007012112.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-07-13T00:00:00Z"}, {"advisory": "RHSA-2020:5633", "cpe": "cpe:/a:redhat:openshift:4.7::el8", "impact": "low", "package": "openshift4/ose-sdn-rhel8:v4.7.0-202102130115.p0", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}, {"advisory": "RHSA-2020:3194", "cpe": "cpe:/a:redhat:container_native_virtualization:2.4::el8", "package": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin:v2.4.0-17", "product_name": "RHEL-8-CNV-2.4", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2020:3194", "cpe": "cpe:/a:redhat:container_native_virtualization:2.4::el8", "package": "container-native-virtualization/kubevirt-cpu-node-labeller:v2.4.0-19", "product_name": "RHEL-8-CNV-2.4", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2020:3194", "cpe": "cpe:/a:redhat:container_native_virtualization:2.4::el8", "package": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin:v2.4.0-18", "product_name": "RHEL-8-CNV-2.4", "release_date": "2020-07-28T00:00:00Z"}, {"advisory": "RHSA-2020:3194", "cpe": "cpe:/a:redhat:container_native_virtualization:2.4::el8", "package": "container-native-virtualization/vm-import-controller-rhel8:v2.4.0-21", "product_name": "RHEL-8-CNV-2.4", "release_date": "2020-07-28T00:00:00Z"}], "bugzilla": {"description": "containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters", "id": "1833220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833220"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-300", "details": ["A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.", "A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending \u201crogue\u201d IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container."], "mitigation": {"lang": "en:us", "value": "Prevent untrusted, non-privileged containers from running with CAP_NET_RAW."}, "name": "CVE-2020-10749", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "container-tools:1.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "container-tools:2.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "impact": "low", "package_name": "openshift4/ose-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-sriov-cni", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "ose-containernetworking-plugins-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "package_name": "multus-cni", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:1", "fix_state": "Will not fix", "package_name": "ovs-cni-plugin", "product_name": "Red Hat OpenShift Virtualization 1"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:2", "fix_state": "Affected", "package_name": "ovs-cni-plugin", "product_name": "Red Hat OpenShift Virtualization 2"}], "public_date": "2020-06-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10749\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10749\nhttps://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"], "statement": "In OpenShift Container Platform 4, the default network plugin, OpenShift SDN, and OVN Kubernetes, do not forward IPv6 traffic, making this vulnerability not exploitable. The affected code from containernetworking/plugins is however still included in these plugins, hence this vulnerability is rated Low for both OpenShift SDN and OVN-Kubernetes.\nIPv6 traffic is not forwarded by the OpenShift SDN in OpenShift Container Platform 3.11, making this vulnerability not exploitable. However, the affected code from containernetworking/plugins is still included in the atomic-openshift package, hence this vulnerability is rated Low for OpenShift Container Platform 3.11.", "threat_severity": "Moderate", "upstream_fix": "containernetworking/plugins 0.8.6"}