9.8
CVE-2018-1002101
- EPSS 0.65%
- Published 05.12.2018 21:29:00
- Last modified 21.11.2024 03:40:38
- Source jordan@liggitt.net
- Teams watchlist Login
- Open Login
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
Data is provided by the National Vulnerability Database (NVD)
Kubernetes ≫ Kubernetes Version >= 1.9.0 <= 1.9.9
Kubernetes ≫ Kubernetes Version >= 1.10.0 <= 1.10.5
Kubernetes ≫ Kubernetes Version >= 1.11.0 <= 1.11.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.699 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| jordan@liggitt.net | 5.9 | 0.7 | 5.2 |
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
|