Advisory ID: KYLIN-2020-10749
Severity: Medium
Product: Kylin V3
Release date: June 1, 2020
CVE: CVE-2020-10749
CVSS3 score: 6.0
Overview:
In OpenShift Container Platform 4, the default network plugins, OpenShift SDN and OVN-Kubernetes, do not forward IPv6 traffic, so this vulnerability is not exploitable. However, the affected code from containernetworking/plugins is still included in these plugins, so this vulnerability is rated Low for both OpenShift SDN and OVN-Kubernetes. IPv6 traffic is not supported in OpenShift Container Platform 3.11, so this vulnerability is not exploitable there. However, the affected code from containernetworking/plugins is still included in the atomic-openshift package, so this vulnerability is rated Low for OpenShift Container Platform 3.11.
Description:
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6 that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending "rogue" IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
System versions:
KYLIN 3.3.x
KYLIN 3.4.x
KYLIN 3.4.x
KYLIN 3.4.x
Affected packages:
containernetworking-plugins
container-tools:1.0/containernetworking-plugins
container-tools:2.0/containernetworking-plugins
container-tools:rhel8/containernetworking-plugins
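To check a host against the description above, the following added example (not part of the original advisory) flags plugin versions below 0.8.6 and lists interfaces that would process an IPv6 router advertisement. It assumes the Linux `accept_ra` and `forwarding` sysctls under `/proc/sys/net/ipv6/conf` and RPM-style version strings; the function names and the sample interface data are constructed for illustration.

```python
# Added example: audit IPv6 router-advertisement acceptance and plugin version.
from pathlib import Path

FIXED_VERSION = (0, 8, 6)  # from the advisory: versions before 0.8.6 are affected


def plugin_is_affected(version: str) -> bool:
    """True if a containernetworking/plugins version string is below 0.8.6."""
    core = version.lstrip("v").split("-")[0]  # drop 'v' prefix and RPM release
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts)) < FIXED_VERSION


def accepts_ra(accept_ra: int, forwarding: int) -> bool:
    """Linux semantics: 0 = never, 1 = only while forwarding is off, 2 = always."""
    return accept_ra == 2 or (accept_ra == 1 and forwarding == 0)


def audit(settings: dict) -> list:
    """Return sorted interface names that would process a router advertisement."""
    return sorted(n for n, (ra, fwd) in settings.items() if accepts_ra(ra, fwd))


def read_host_settings(root: str = "/proc/sys/net/ipv6/conf") -> dict:
    """Read (accept_ra, forwarding) per interface from a Linux host."""
    out = {}
    for d in Path(root).glob("*"):
        try:
            out[d.name] = (int((d / "accept_ra").read_text()),
                           int((d / "forwarding").read_text()))
        except (OSError, ValueError):
            continue  # interface vanished or IPv6 is disabled on it
    return out


# Constructed sample: interface names and values are illustrative only.
SAMPLE = {
    "eth0": (1, 1),      # forwarding on, accept_ra=1: RAs ignored
    "cni0": (2, 1),      # accept_ra=2 overrides forwarding: RAs accepted
    "veth1a2b": (1, 0),  # forwarding off, accept_ra=1: RAs accepted
    "lo": (0, 0),        # accept_ra=0: RAs ignored
}

if __name__ == "__main__":
    host = read_host_settings() or SAMPLE  # fall back to the sample off-Linux
    print("interfaces accepting RAs:", audit(host))
    print("0.8.5 affected:", plugin_is_affected("0.8.5"))
```

Interfaces reported by `audit` on a container host are the ones where a router advertisement from a container could change routing; setting `accept_ra` to 0 on them removes that exposure independently of the package update.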