CVE-2020-10749

MEDIUM

containernetworking/plugins <0.8.6 - Privilege Escalation

Title source: llm

Description

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Exploits (1)

nomisec WORKING POC 25 stars

by knqyf263 · poc

https://github.com/knqyf263/CVE-2020-10749

View Code ZIP pw:eip

References (5)

[Broken Link, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html

[Broken Link, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749

[Mailing List] https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/

Scores

CVSS v3 6.0

EPSS 0.0519

EPSS Percentile 89.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Classification

CWE

CWE-300

Status published

Affected Products (6)

linuxfoundation/cni_network_plugins < 0.8.6

redhat/openshift_container_platform

fedoraproject/fedora

redhat/enterprise_linux

redhat/enterprise_linux

containernetworking/plugins < 0.8.6Go

Timeline

Published Jun 03, 2020

Tracked Since Feb 18, 2026