Moderate severityNVD Advisory· Published Jun 3, 2020· Updated Sep 16, 2024
Calico nodes IPv6 traffic redirection from route advertisment
CVE-2020-13597
Description
Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/projectcalico/calicoGo | >= 3.14.0, < 3.14.1 | 3.14.1 |
github.com/projectcalico/calicoGo | >= 3.13.0, < 3.13.4 | 3.13.4 |
github.com/projectcalico/calicoGo | >= 3.12.0, < 3.12.2 | 3.12.2 |
github.com/projectcalico/calicoGo | >= 3.11.0, < 3.11.3 | 3.11.3 |
github.com/projectcalico/calicoGo | >= 3.10.0, < 3.10.4 | 3.10.4 |
github.com/projectcalico/calicoGo | >= 3.9.0, < 3.9.6 | 3.9.6 |
github.com/projectcalico/calicoGo | < 3.8.9 | 3.8.9 |
Affected products
43- osv-coords42 versionspkg:apk/chainguard/calicopkg:apk/chainguard/calico-apiserverpkg:apk/chainguard/calico-app-policypkg:apk/chainguard/calico-cnipkg:apk/chainguard/calico-cni-compatpkg:apk/chainguard/calico-cni-fips-compatpkg:apk/chainguard/calicoctlpkg:apk/chainguard/calicoctl-fipspkg:apk/chainguard/calico-felixpkg:apk/chainguard/calico-fipspkg:apk/chainguard/calico-fips-apiserverpkg:apk/chainguard/calico-fips-app-policypkg:apk/chainguard/calico-fips-cnipkg:apk/chainguard/calico-fips-felixpkg:apk/chainguard/calico-fips-key-cert-provisionerpkg:apk/chainguard/calico-fips-kube-controllerspkg:apk/chainguard/calico-fips-nodepkg:apk/chainguard/calico-fips-pod2daemonpkg:apk/chainguard/calico-fips-typha-clientpkg:apk/chainguard/calico-fips-typhadpkg:apk/chainguard/calico-key-cert-provisionerpkg:apk/chainguard/calico-kube-controllerspkg:apk/chainguard/calico-nodepkg:apk/chainguard/calico-pod2daemonpkg:apk/chainguard/calico-pod2daemon-flexvol-compatpkg:apk/chainguard/calico-typha-clientpkg:apk/chainguard/calico-typhadpkg:apk/wolfi/calicopkg:apk/wolfi/calico-apiserverpkg:apk/wolfi/calico-app-policypkg:apk/wolfi/calico-cnipkg:apk/wolfi/calico-cni-compatpkg:apk/wolfi/calicoctlpkg:apk/wolfi/calico-felixpkg:apk/wolfi/calico-key-cert-provisionerpkg:apk/wolfi/calico-kube-controllerspkg:apk/wolfi/calico-nodepkg:apk/wolfi/calico-pod2daemonpkg:apk/wolfi/calico-pod2daemon-flexvol-compatpkg:apk/wolfi/calico-typha-clientpkg:apk/wolfi/calico-typhadpkg:golang/github.com/projectcalico/calico
< 0+ 41 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 3.14.0, < 3.14.1
- Range: 3.14.0
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-pf59-j7c2-rh6xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13597ghsaADVISORY
- github.com/containernetworking/plugins/commit/ad10b6fa91aacd720f1f9ab94341a97a82a24965ghsaWEB
- github.com/containernetworking/plugins/pull/484ghsaWEB
- github.com/kubernetes/kubernetes/issues/91507ghsax_refsource_CONFIRMWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/mitrex_refsource_CONFIRM
- www.projectcalico.org/security-bulletinsghsaWEB
- www.projectcalico.org/security-bulletins/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.