22 matches found
SUSE CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499
A flaw was found in the CNI Container Network Interface portmap plugin. This vulnerability allows containers to intercept all traffic destined for a host port via inadvertent forwarding of traffic with the same destination port when the plugin is configured with the nftables backend, ignoring the...
Linux Distros Unpatched Vulnerability : CVE-2025-67499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently...
CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
UBUNTU-CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499
The CVE-2025-67499 issue affects the CNI portmap plugin (versions 1.6.0–1.8.0) when configured with the nftables backend: it forwards all traffic sharing the host port, ignoring the destination IP, enabling containers requesting HostPort forwarding to intercept traffic not intended for the node. ...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499 CNI Plugins Portmap nftables backend intercepts non-local traffic
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
GHSA-JV3W-X3R3-G6RM CNA Plugins Portmap nftables backend can intercept non-local traffic
Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...
PT-2025-50280
Name of the Vulnerable Software and Affected Versions CNI portmap plugin versions 1.6.0 through 1.8.0 Description The CNI portmap plugin flaw allows containers to intercept traffic not intended for the node. This occurs when the plugin is configured with the nftables backend, inadvertently...
SUSE CVE-2019-9946
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...
CVE-2019-9946
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...
kubernetes: Incorrect rule injection in CNI portmap plugin
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a CNI security vulnerability
Summary IBM Cloud Kubernetes Service is affected by a CNI security vulnerability which could result in weaker than expected security. Vulnerability Details CVE-ID: CVE-2019-9946 Description: Kubernetes could provide weaker than expected security, caused by an interaction when paired with the...
Google Kubernetes CNI Portmap Plugin Remote Vulnerability
Google Kubernetes is an open source Docker container cluster management system from Google. The system provides resource scheduling , deployment and operation , service discovery and expansion and contraction for containerized applications.CNI Portmap Plugin is one of the plugins. A security...
DEBIAN-CVE-2019-9946
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...
CVE-2019-9946
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...
Code injection
Cloud Native Computing Foundation CNCF CNI Container Networking Interface 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE-...