Base Score

MEDIUM6

CVE-2020-10749

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateJun 03, 2020, 14:15

Affected Versions(1)

github.com/containernetworking/plugins(Go)

Introduced0

Fixed0.8.6

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/containernetworking/plugins(Go)	0	0.8.6	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

MEDIUM6

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW