Bug 733354 (CVE-2020-13597) - net-misc/calico-cni-plugin: MiTM vulnerability (CVE-2020-13597)
Summary: net-misc/calico-cni-plugin: MiTM vulnerability (CVE-2020-13597)
Status: RESOLVED FIXED
Alias: CVE-2020-13597
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.projectcalico.org/securit...
Whiteboard: ~4 [noglsa]
Reported: 2020-07-20 18:34 UTC by John Helmert III
Modified: 2022-09-18 21:24 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-20 18:34:36 UTC
CVE-2020-13597:

Clusters using IPv4 may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with default privilege is able to reconfigure the node’s IPv6 interface and redirect traffic from the node to the compromised pod. This includes traffic to domains that offer an IPv6 address that would otherwise have been reached by IPv4. Upgrade to latest Calico or Calico Enterprise releases to close this vulnerability. An initial severity medium has been given for this vulnerability.



Unsure about whether both calico packages are affected by this so both in summary.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-14 23:08:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5684285ad69a284fae9a61392fc12f6a3b0e2924

commit 5684285ad69a284fae9a61392fc12f6a3b0e2924
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-14 23:06:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-14 23:07:16 +0000

    profiles: last rite calicoctl, calico-cni-plugin
    
    Bug: https://bugs.gentoo.org/733354
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2022-09-18 21:23:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78c5cf203e4bc125e5d35e1e0d2c4b262daa2ce8

commit 78c5cf203e4bc125e5d35e1e0d2c4b262daa2ce8
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-09-18 21:19:22 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-18 21:19:22 +0000

    net-misc/calico-cni-plugin: treeclean
    
    Bug: https://bugs.gentoo.org/733354
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/calico-cni-plugin/Manifest                |  69 -------------
 .../calico-cni-plugin-3.1.3.ebuild                 | 113 ---------------------
 net-misc/calico-cni-plugin/metadata.xml            |   8 --
 profiles/package.mask                              |   6 --
 4 files changed, 196 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95a2c63db81cc96a47e99cdbe5af0b63302ff06e

commit 95a2c63db81cc96a47e99cdbe5af0b63302ff06e
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-09-18 21:18:43 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-18 21:18:43 +0000

    net-misc/calicoctl: treeclean
    
    Bug: https://bugs.gentoo.org/733354
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/calicoctl/Manifest               |  85 ---------------------
 net-misc/calicoctl/calicoctl-3.1.3.ebuild | 123 ------------------------------
 net-misc/calicoctl/metadata.xml           |   8 --
 3 files changed, 216 deletions(-)