CVE-2018-1002105

State: PUBLISHED · Published: 2018-12-05 · Updated: 2024-08-05 · Assigner: kubernetes

Description

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

CWE

(none)

Affected

Kubernetes / Kubernetes — v=v1.0.x [affected]; v=v1.1.x [affected]; v=v1.2.x [affected]; v=v1.3.x [affected]; v=v1.4.x [affected]; v=v1.5.x [affected]; v=v1.6.x [affected]; v=v1.7.x [affected]; v=v1.8.x [affected]; v=v1.9.x [affected]; v=unspecified <v1.10.11 [affected]; v=unspecified <v1.11.5 [affected]; v=unspecified <v1.12.3 [affected]

CVSS

3.0 score=9.8 severity=CRITICAL CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88 x_refsource_CONFIRM
https://www.exploit-db.com/exploits/46053/ exploit, x_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:3549 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3752 vendor-advisory, x_refsource_REDHAT
https://www.exploit-db.com/exploits/46052/ exploit, x_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:3624 vendor-advisory, x_refsource_REDHAT
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do x_refsource_MISC
https://github.com/kubernetes/kubernetes/issues/71411 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3742 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3754 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3537 vendor-advisory, x_refsource_REDHAT
https://github.com/evict/poc_CVE-2018-1002105 x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3598 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3551 vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/106068 vdb-entry, x_refsource_BID
https://security.netapp.com/advisory/ntap-20190416-0001/ x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2019/06/28/2 mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3 mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4 mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html vendor-advisory, x_refsource_SUSE

Source

cvelistV5-main/cves/2018/1002xxx/CVE-2018-1002105.json