Cni Network Plugins
Monthly
The CNI portmap plugin versions 1.6.0 through 1.8.0 contain a traffic interception vulnerability when configured with the nftables backend, allowing containers to receive and intercept all traffic destined for their configured HostPort regardless of destination IP address. This affects Linux Foundation's CNI Network Plugins, and an attacker with local privileges and control over a container can intercept traffic intended for other containers or services on the same node. The vulnerability has a published patch available in version 1.9.0, an extremely low EPSS score of 0.02% indicates minimal real-world exploitation likelihood, and there is no indication of active exploitation in the wild.
The CNI portmap plugin versions 1.6.0 through 1.8.0 contain a traffic interception vulnerability when configured with the nftables backend, allowing containers to receive and intercept all traffic destined for their configured HostPort regardless of destination IP address. This affects Linux Foundation's CNI Network Plugins, and an attacker with local privileges and control over a container can intercept traffic intended for other containers or services on the same node. The vulnerability has a published patch available in version 1.9.0, an extremely low EPSS score of 0.02% indicates minimal real-world exploitation likelihood, and there is no indication of active exploitation in the wild.