CVE-2020-10749

NameCVE-2020-10749
DescriptionA vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
golang-github-containernetworking-plugins (PTS)bullseye0.9.0-1fixed
sid, trixie, bookworm1.1.1+ds1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
golang-github-containernetworking-pluginssource(unstable)0.8.6-1

Notes

https://github.com/containernetworking/plugins/pull/484
https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43

Search for package or bug name: Reporting problems