CWE-300
Channel Accessible by Non-Endpoint
Description
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-466 · CAPEC-57 · CAPEC-589 · CAPEC-590 · CAPEC-612 · CAPEC-613 · CAPEC-615 · CAPEC-662 · CAPEC-94
CVEs mapped to this weakness (23)
Page 2 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10749 | — | | 0.00 | — | 0.02 | | Jun 3, 2020 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router… |
| CVE-2020-2185 | | | 0.00 | — | 0.01 | | May 6, 2020 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. |
| CVE-2019-16546 | | | 0.00 | — | 0.01 | | Nov 21, 2019 | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. |