2.6
CVE-2018-1002102
- EPSS 0.21%
- Published 05.12.2019 16:15:10
- Last modified 21.11.2024 03:40:38
- Source jordan@liggitt.net
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
Data provided by the National Vulnerability Database (NVD)
Kubernetes ≫ Kubernetes Version >= 1.10.0 <= 1.13.13
Kubernetes ≫ Kubernetes Version 1.14.0 Update alpha0
Kubernetes ≫ Kubernetes Version 1.14.0 Update alpha1
Fedoraproject ≫ Fedora Version 31
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.21% | 0.431 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 2.6 | 1 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N |
nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:N/AC:H/Au:S/C:P/I:N/A:N |
jordan@liggitt.net | 2.6 | 1 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.