NVD Vulnerability Detail

CVE-2020-10749

Summary	A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Publication Date	June 3, 2020, 11:15 p.m.
Registration Date	Jan. 26, 2021, 11:50 a.m.
Last Update	Nov. 21, 2024, 1:55 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:linuxfoundation:cni_network_plugins::::::::					0.8.6

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:fedoraproject:fedora:32:::::::*
cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html	Broken Link Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html	Broken Link Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749	Issue Tracking Third Party Advisory
4	https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/
6	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html	Broken Link Third Party Advisory
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/
8	https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8
9	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749	Issue Tracking Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html	Broken Link Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

containernetworking/plugins における脆弱性

Title	containernetworking/plugins における脆弱性
Summary	containernetworking/plugins には、不特定の脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 2, 2020, midnight
Registration Date	June 30, 2020, 5:52 p.m.
Last Update	June 30, 2020, 5:52 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

Red Hat OpenShift Container Platform

Cloud Native Computing Foundation

CNI network plugins 0.8.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-10749	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10749
National Vulnerability Database (NVD)
2	CVE-2020-10749	https://nvd.nist.gov/vuln/detail/CVE-2020-10749

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
GitHub
1	plugins	https://github.com/containernetworking/plugins
Red Hat Bugzilla
2	Bug 1833220	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749

その他

No	Name	URL
関連文書
1	IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements	https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8

Change Log

No	Changed Details	Date of change
1	[2020年06月30日] 掲載	June 30, 2020, 5:52 p.m.