{"id":"CVE-2020-10749","details":"A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.","aliases":["GHSA-fx6x-h9g4-56f8","GO-2023-1915"],"modified":"2026-05-15T12:04:02.848836458Z","published":"2020-06-03T14:15:12.470Z","related":["ALSA-2020:4694","CGA-wghg-4jq2-6hfj","SUSE-SU-2020:1957-1","SUSE-SU-2022:4151-1","openSUSE-SU-2020:1049-1","openSUSE-SU-2020:1050-1","openSUSE-SU-2024:10689-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"32"}],"vendor_product":"fedoraproject:fedora","source":"CPE_FIELD"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"},{"last_affected":"8.0"}],"vendor_product":"redhat:enterprise_linux","cpes":["cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"4.0"}],"vendor_product":"redhat:openshift_container_platform","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}]}