A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Weakness
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cni_network_plugins | Linuxfoundation | * | 0.8.6 (excluding) |
| Red Hat Enterprise Linux 7 Extras | RedHat | containernetworking-plugins-0:0.8.3-3.el7_8 | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8030020200923153805.2a301c24 | * |
| Red Hat OpenShift Container Platform 4.2 | RedHat | containernetworking-plugins-0:0.8.6-1.rhaos4.2.el8 | * |
| Red Hat OpenShift Container Platform 4.3 | RedHat | containernetworking-plugins-0:0.8.6-1.rhaos4.3.el8 | * |
| Red Hat OpenShift Container Platform 4.4 | RedHat | containernetworking-plugins-0:0.8.6-1.rhaos4.4.el7 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift4/ose-multus-cni:v4.5.0-202007012112.p0 | * |
| Red Hat OpenShift Container Platform 4.7 | RedHat | openshift4/ose-sdn-rhel8:v4.7.0-202102130115.p0 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/kubevirt-cpu-model-nfd-plugin:v2.4.0-17 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/kubevirt-cpu-node-labeller:v2.4.0-19 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/kubevirt-kvm-info-nfd-plugin:v2.4.0-18 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/vm-import-controller-rhel8:v2.4.0-21 | * |
| Golang-github-containernetworking-plugins | Ubuntu | focal | * |
| Golang-github-containernetworking-plugins | Ubuntu | trusty | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/466.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/589.html
- https://cwe.mitre.org/data/definitions/590.html
- https://cwe.mitre.org/data/definitions/612.html
- https://cwe.mitre.org/data/definitions/613.html
- https://cwe.mitre.org/data/definitions/615.html
- https://cwe.mitre.org/data/definitions/662.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
- https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
- https://groups.google.com/forum/#%21topic/kubernetes-security-announce/BMb_6ICCfp8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/