A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cni_network_plugins | Linuxfoundation | * | 0.8.6 (excluding) |
| Red Hat Enterprise Linux 7 Extras | RedHat | containernetworking-plugins-0:0.8.3-3.el7_8 | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8030020200923153805.2a301c24 | * |
| Red Hat OpenShift Container Platform 4.2 | RedHat | containernetworking-plugins-0:0.8.6-1.rhaos4.2.el7 | * |
| Red Hat OpenShift Container Platform 4.3 | RedHat | containernetworking-plugins-0:0.8.6-1.rhaos4.3.el7 | * |
| Red Hat OpenShift Container Platform 4.4 | RedHat | containernetworking-plugins-0:0.8.6-1.rhaos4.4.el8 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | openshift4/ose-multus-cni:v4.5.0-202007012112.p0 | * |
| Red Hat OpenShift Container Platform 4.7 | RedHat | openshift4/ose-sdn-rhel8:v4.7.0-202102130115.p0 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/kubevirt-cpu-model-nfd-plugin:v2.4.0-17 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/kubevirt-cpu-node-labeller:v2.4.0-19 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/kubevirt-kvm-info-nfd-plugin:v2.4.0-18 | * |
| RHEL-8-CNV-2.4 | RedHat | container-native-virtualization/vm-import-controller-rhel8:v2.4.0-21 | * |
| Golang-github-containernetworking-plugins | Ubuntu | trusty | * |