CVE-2018-1002105 : In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upg

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Published 2018-12-05 21:29:00

Updated 2019-06-28 21:15:10

Source Kubernetes

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2018-1002105

Probability of exploitation activity in the next 30 days: 47.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-1002105

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	Kubernetes
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-1002105

CWE-388

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1002105

https://access.redhat.com/errata/RHSA-2018:3742

RHSA-2018:3742 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190416-0001/

CVE-2018-1002105 Kubernetes Privilege Escalation Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html

[security-announce] openSUSE-SU-2020:0554-1: important: Security update

CVEs referencing this url
https://www.exploit-db.com/exploits/46052/

Kubernetes - (Unauthenticated) Arbitrary Requests
VDB Entry;Exploit;Third Party Advisory
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88

Google Groepen
Mailing List;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3549

RHSA-2018:3549 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/4

oss-security - Re: linux-distros membership application - Microsoft

CVEs referencing this url
https://github.com/kubernetes/kubernetes/issues/71411

CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections · Issue #71411 · kubernetes/kubernetes · GitHub
Mitigation;Issue Tracking;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3598

RHSA-2018:3598 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://github.com/evict/poc_CVE-2018-1002105

GitHub - evict/poc_CVE-2018-1002105: PoC for CVE-2018-1002105.
Exploit;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3551

RHSA-2018:3551 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3752

RHSA-2018:3752 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/3

oss-security - Re: linux-distros membership application - Microsoft

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2019/06/28/2

oss-security - Re: linux-distros membership application - Microsoft

CVEs referencing this url
http://www.securityfocus.com/bid/106068

Kubernetes API Server CVE-2018-1002105 Remote Privilege Escalation Vulnerability
VDB Entry;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3624

RHSA-2018:3624 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3754

RHSA-2018:3754 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do

Coalfire - Kubernetes Vulnerability: What You Can and Should Do to Protect Your Enterprise
Mitigation;Third Party Advisory
https://www.exploit-db.com/exploits/46053/

Kubernetes - (Authenticated) Arbitrary Requests
Exploit;Third Party Advisory;VDB Entry
https://access.redhat.com/errata/RHSA-2018:3537

RHSA-2018:3537 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2018-1002105

Redhat » Openshift Container Platform » Version: 3.3
cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.2
cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.5
cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.4
cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.6
cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.11
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.8
cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 3.10
cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
Matching versions
Netapp » Trident » Version: N/A
cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.12.0 and up to, including, (<=) 1.12.2
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.0.0 and up to, including, (<=) 1.9.11
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.11.0 and up to, including, (<=) 1.11.4
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes
Versions from including (>=) 1.10.0 and up to, including, (<=) 1.10.10
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Matching versions
Kubernetes » Kubernetes » Version: 1.9.12 Update Beta0
cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2018-1002105

Exploit prediction scoring system (EPSS) score for CVE-2018-1002105

CVSS scores for CVE-2018-1002105

CWE ids for CVE-2018-1002105

References for CVE-2018-1002105

Products affected by CVE-2018-1002105