9.8

CVE-2018-1002105

Exploit
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KubernetesKubernetes Version >= 1.0.0 <= 1.9.11
KubernetesKubernetes Version >= 1.10.0 <= 1.10.10
KubernetesKubernetes Version >= 1.11.0 <= 1.11.4
KubernetesKubernetes Version >= 1.12.0 <= 1.12.2
KubernetesKubernetes Version1.9.12 Updatebeta0
NetappTrident Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 86.98% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
jordan@liggitt.net 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
https://access.redhat.com/errata/RHSA-2018:3537
Third Party Advisory
http://www.securityfocus.com/bid/106068
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3549
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3551
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3598
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3624
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3742
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3752
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3754
Third Party Advisory
https://github.com/evict/poc_CVE-2018-1002105
Third Party Advisory
Exploit
https://github.com/kubernetes/kubernetes/issues/71411
Patch
Third Party Advisory
Issue Tracking
Mitigation
https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88
https://security.netapp.com/advisory/ntap-20190416-0001/
Third Party Advisory
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
Third Party Advisory
Mitigation
https://www.exploit-db.com/exploits/46052/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/46053/
Third Party Advisory
Exploit
VDB Entry