SCA: security update for github.com/weaveworks/weave (GHSA-59qg-grp7-5r73)

medium Tenable Cloud Security Plugin ID 410743

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to
respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with
an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel
cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that
ipv6 forwarding is disabled, ie /proc/sys/net/ipv6/conf//forwarding == 0. Also by default,
/proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these 2 sysctls means that the host accepts
router advertisements and configure the IPv6 stack using them. By sending rogue router advertisements, an
attacker can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker
controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA
(IPv6) records, many HTTP libraries will try to connect via IPv6 first then fallback to IPv4, giving an
opportunity to the attacker to respond. If by chance you also have on the host a vulnerability like last
year's RCE in apt (CVE-2019-3462), you can now escalate to the host. Weave Net version 2.6.3 disables the
accept_ra option on the veth devices that it creates. (CVE-2020-11091)

See Also

https://github.com/advisories/GHSA-59qg-grp7-5r73

Plugin Details

Severity: Medium

ID: 410743

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 50.87

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2020-11091

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/27/2021

Vulnerability Publication Date: 6/3/2020

Reference Information

CVE: CVE-2020-11091

cwe: CWE-350