bridge package, versions <0.8.6

Q: How to fix?

<p>Upgrade <code>github.com/containernetworking/plugins/plugins/main/bridge</code> to version 0.8.6 or higher.</p>

Snyk CVSS

Attack Complexity High

Scope Changed

Threat Intelligence

EPSS 0.07% (29^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGPLUGINSPLUGINSMAINBRIDGE-575665
published 10 Jul 2020
disclosed 8 Jun 2020
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 8 Jun 2020

CVE-2020-13597 Open this link in a new tab CWE-200 Open this link in a new tab

How to fix?

Upgrade github.com/containernetworking/plugins/plugins/main/bridge to version 0.8.6 or higher.

Overview

github.com/containernetworking/plugins/plugins/main/bridge is a CNI network plugins, maintained by the containernetworking team.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). A cluster configured to use an affected container networking implementation is susceptible to man-in-the-middle (MitM) attacks. By sending “rogue” router advertisements, a malicious container can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an opportunity to the attacker to respond.