{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-26T23:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.docker.com/engine/release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"}, {"name": "FEDORA-2020-5ba8c2d9d5", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"}, {"name": "FEDORA-2020-6d7deafd81", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"}, {"name": "openSUSE-SU-2020:0846", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"}, {"name": "DSA-4716", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4716"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"}, {"name": "GLSA-202008-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202008-15"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13401", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.docker.com/engine/release-notes/", "refsource": "MISC", "url": "https://docs.docker.com/engine/release-notes/"}, {"name": "http://www.openwall.com/lists/oss-security/2020/06/01/5", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"}, {"name": "https://github.com/docker/docker-ce/releases/tag/v19.03.11", "refsource": "CONFIRM", "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"}, {"name": "FEDORA-2020-5ba8c2d9d5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"}, {"name": "FEDORA-2020-6d7deafd81", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"}, {"name": "openSUSE-SU-2020:0846", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"}, {"name": "DSA-4716", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4716"}, {"name": "https://security.netapp.com/advisory/ntap-20200717-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"}, {"name": "GLSA-202008-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202008-15"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:18:17.583Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.docker.com/engine/release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"}, {"name": "FEDORA-2020-5ba8c2d9d5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"}, {"name": "FEDORA-2020-6d7deafd81", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"}, {"name": "openSUSE-SU-2020:0846", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"}, {"name": "DSA-4716", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4716"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"}, {"name": "GLSA-202008-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202008-15"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13401", "datePublished": "2020-06-02T13:42:09", "dateReserved": "2020-05-22T00:00:00", "dateUpdated": "2024-08-04T12:18:17.583Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "8733F530-515F-4F65-AE90-8C8824C22F4C", "versionEndExcluding": "19.03.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Docker Engine versiones anteriores a 19.03.11. Un atacante en un contenedor, con la capacidad CAP_NET_RAW, puede dise\u00f1ar anuncios de router IPv6, y en consecuencia falsificar hosts IPv6 externos, obtener informaci\u00f3n confidencial o causar una denegaci\u00f3n de servicio."}], "id": "CVE-2020-13401", "lastModified": "2024-11-21T05:01:11.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-02T14:15:10.770", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.docker.com/engine/release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-15"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.docker.com/engine/release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/docker/docker-ce/releases/tag/v19.03.11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202008-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200717-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4716"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Etienne Champetier as the original reporter.", "bugzilla": {"description": "docker: IPv6 router advertisements allow for MitM attacks", "id": "1833233", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833233"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-300", "details": ["An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.", "A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the host network or another container."], "mitigation": {"lang": "en:us", "value": "Prevent untrusted, non-privileged containers from running with CAP_NET_RAW."}, "name": "CVE-2020-13401", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "docker", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-06-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13401\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13401\nhttps://docs.docker.com/engine/release-notes/#190311\nhttps://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8"], "threat_severity": "Moderate"}