CVE-2020-10749 – CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters

https://notcve.org/view.php?id=CVE-2020-10749

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. Se detectó una vulnerabilidad en todas las versiones de containernetworking/plugins versiones anteriores a 0.8.6, que permite a contenedores maliciosos en los grupos de Kubernetes llevar a cabo ataques de tipo man-in-the-middle (MitM). Un contenedor malicioso puede explotar este fallo mediante el envío de anuncios de enrutadores IPv6 falsos al host u otros contenedores, para redireccionar el tráfico al contenedor malicioso. A vulnerability was found in affected container networking implementations that allow malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. • https://github.com/knqyf263/CVE-2020-10749 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749 https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC https://access.redhat.com/security/cve/CVE-2020- • CWE-300: Channel Accessible by Non-Endpoint •