Vulnerability Details : CVE-2018-1002105
Public exploit exists!
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
Products affected by CVE-2018-1002105
- cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1002105
37.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1002105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Kubernetes | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-1002105
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1002105
-
https://access.redhat.com/errata/RHSA-2018:3742
RHSA-2018:3742 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20190416-0001/
CVE-2018-1002105 Kubernetes Privilege Escalation Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
[security-announce] openSUSE-SU-2020:0554-1: important: Security update
-
https://www.exploit-db.com/exploits/46052/
Kubernetes - (Unauthenticated) Arbitrary RequestsVDB Entry;Exploit;Third Party Advisory
-
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Google GroepenMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3549
RHSA-2018:3549 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2019/07/06/4
oss-security - Re: linux-distros membership application - Microsoft
-
https://github.com/kubernetes/kubernetes/issues/71411
CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections · Issue #71411 · kubernetes/kubernetes · GitHubMitigation;Issue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3598
RHSA-2018:3598 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://github.com/evict/poc_CVE-2018-1002105
GitHub - evict/poc_CVE-2018-1002105: PoC for CVE-2018-1002105.Exploit;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3551
RHSA-2018:3551 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3752
RHSA-2018:3752 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2019/07/06/3
oss-security - Re: linux-distros membership application - Microsoft
-
http://www.openwall.com/lists/oss-security/2019/06/28/2
oss-security - Re: linux-distros membership application - Microsoft
-
http://www.securityfocus.com/bid/106068
Kubernetes API Server CVE-2018-1002105 Remote Privilege Escalation VulnerabilityVDB Entry;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3624
RHSA-2018:3624 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3754
RHSA-2018:3754 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
Coalfire - Kubernetes Vulnerability: What You Can and Should Do to Protect Your EnterpriseMitigation;Third Party Advisory
-
https://www.exploit-db.com/exploits/46053/
Kubernetes - (Authenticated) Arbitrary RequestsExploit;Third Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:3537
RHSA-2018:3537 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to