Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Calico nodes IPv6 traffic redirection from route advertisment
Vulnerability Description
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
通过发送数据的信息暴露
Vulnerability Title
Tigera Calico 信息泄露漏洞
Vulnerability Description
Tigera Calico是美国Tigera公司的一套针对容器、虚拟机和主机工作负载的开源网络安全解决方案。 Tigera Calico 3.14.0及之前版本和Calico Enterprise 2.8.2及之前版本中存在安全漏洞,该漏洞源于程序没有正确验证路由器通告。攻击者可借助中间人技术利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A