Security Advisories

CVE-2020-13597

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-13597

CGA ID

CGA-2cvj-f2mr-fc7r

Severity

3.5

Low

CVSS V3

Description

Clusters using Calico (version 3.14.0 and below) or Calico Enterprise (version 2.8.2 and below) may be vulnerable to information disclosure if IPv6 is enabled but unused. Because the node accepts route advertisements by default, a compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.

References

  • https://images.chainguard.dev/security/CGA-2cvj-f2mr-fc7r

Affected packages

