Fluid Attacks Database

Description

containernetworking/plugins vulnerable to MitM attacks A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/containernetworking/plugins	>=0 <0.8.6	0.8.6
debian 12	golang-github-containernetworking-plugins	>=0 <0.8.6-1	0.8.6-1
debian 13	golang-github-containernetworking-plugins	>=0 <0.8.6-1	0.8.6-1
debian 11	golang-github-containernetworking-plugins	>=0 <0.8.6-1	0.8.6-1
debian 14	golang-github-containernetworking-plugins	>=0 <0.8.6-1	0.8.6-1
rpm rhel8	containernetworking-plugins	-	-

Aliases

1. CVE-2020-107492. NVD-2020-107493. OSV-2020-107494. OSV-DEBIAN-2020-107495. GCVE-2020-107496. SECURITY-TRACKER-CVE-2020-10749

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-107492. https://github.com/containernetworking/plugins/releases/tag/v0.8.63. https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp84. https://lists.fedoraproject.org/archives/list/[email protected]/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC5. http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html6. http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html7. https://github.com/knqyf263/CVE-2020-10749