CVE-2020-10749 Affecting conmon package, versions <2:2.0.20-2.module+el8.3.0+7866+f387f528

Q: How to fix?

<p>Upgrade <code>Oracle:8</code> <code>conmon</code> to version 2:2.0.20-2.module+el8.3.0+7866+f387f528 or higher.<br>This issue was patched in <code>ELSA-2020-4694</code>.</p>

Threat Intelligence

0.09% (41^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-ORACLE8-CONMON-2571383
published 10 Apr 2022
disclosed 3 Jun 2020

Report a new vulnerability Found a mistake?

Introduced: 3 Jun 2020

CVE-2020-10749 Open this link in a new tab

How to fix?

Upgrade Oracle:8 conmon to version 2:2.0.20-2.module+el8.3.0+7866+f387f528 or higher.
This issue was patched in ELSA-2020-4694.

NVD Description

Note: Versions mentioned in the description apply only to the upstream conmon package and not the conmon package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

Low
User Interaction (UI)

None

Scope (S)

Changed

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

Low

CVE-2020-10749 Affecting conmon package, versions <2:2.0.20-2.module+el8.3.0+7866+f387f528

Severity

Based on Oracle Linux security rating