VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-er95-u3yh-2ya9

Essentials
Severities (35)
References (21)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-er95-u3yh-2ya9
Aliases	CVE-2020-10749 GHSA-fx6x-h9g4-56f8
Summary	containernetworking/plugins vulnerable to MitM attacks A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-300

Channel Accessible by Non-Endpoint

System	Score	Found at
cvssv3.1	6.0	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
cvssv3.1	6.0	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
cvssv3	6.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10749.json
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
epss	0.05187	https://api.first.org/data/v1/epss?cve=CVE-2020-10749
cvssv3.1	6.0	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
cvssv3.1	6	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.0	https://github.com/containernetworking/plugins
generic_textual	MODERATE	https://github.com/containernetworking/plugins
cvssv3.1	6.0	https://github.com/containernetworking/plugins/releases/tag/v0.8.6
generic_textual	MODERATE	https://github.com/containernetworking/plugins/releases/tag/v0.8.6
cvssv3.1	6.0	https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
generic_textual	MODERATE	https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
cvssv3.1	6.0	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC
cvssv3.1	6.0	https://nvd.nist.gov/vuln/detail/CVE-2020-10749
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2020-10749

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html
		http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10749.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-10749
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10749
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/containernetworking/plugins
		https://github.com/containernetworking/plugins/releases/tag/v0.8.6
		https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC
		https://nvd.nist.gov/vuln/detail/CVE-2020-10749
1833220		https://bugzilla.redhat.com/show_bug.cgi?id=1833220
RHSA-2020:2403		https://access.redhat.com/errata/RHSA-2020:2403
RHSA-2020:2412		https://access.redhat.com/errata/RHSA-2020:2412
RHSA-2020:2443		https://access.redhat.com/errata/RHSA-2020:2443
RHSA-2020:2592		https://access.redhat.com/errata/RHSA-2020:2592
RHSA-2020:2684		https://access.redhat.com/errata/RHSA-2020:2684
RHSA-2020:3194		https://access.redhat.com/errata/RHSA-2020:3194
RHSA-2020:4694		https://access.redhat.com/errata/RHSA-2020:4694
RHSA-2020:5633		https://access.redhat.com/errata/RHSA-2020:5633

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10749.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/containernetworking/plugins

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/containernetworking/plugins/releases/tag/v0.8.6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2020-10749

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.89876
EPSS Score	0.05187
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:08:09.322501+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fx6x-h9g4-56f8/GHSA-fx6x-h9g4-56f8.json	38.0.0