Candidate: CVE-2020-10749
PublicDate: 2020-06-03 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10749
 https://github.com/containernetworking/plugins/pull/484
 https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
Description:
 A vulnerability was found in all versions of containernetworking/plugins
 before version 0.8.6, that allows malicious containers in Kubernetes
 clusters to perform man-in-the-middle (MitM) attacks. A malicious container
 can exploit this flaw by sending rogue IPv6 router advertisements to the
 host or other containers, to redirect traffic to the malicious container.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L [6.0 MEDIUM]


Patches_golang-github-containernetworking-plugins:
upstream_golang-github-containernetworking-plugins: needs-triage
precise/esm_golang-github-containernetworking-plugins: DNE
trusty_golang-github-containernetworking-plugins: ignored (out of standard support)
trusty/esm_golang-github-containernetworking-plugins: DNE
xenial_golang-github-containernetworking-plugins: DNE
bionic_golang-github-containernetworking-plugins: DNE
eoan_golang-github-containernetworking-plugins: DNE
focal_golang-github-containernetworking-plugins: needs-triage
groovy_golang-github-containernetworking-plugins: not-affected (0.8.6-1)
hirsute_golang-github-containernetworking-plugins: not-affected (0.8.6-1)
impish_golang-github-containernetworking-plugins: not-affected (0.8.6-1)
jammy_golang-github-containernetworking-plugins: not-affected (0.8.6-1)
devel_golang-github-containernetworking-plugins: not-affected (0.8.6-1)