Vulnerability-Lookup

CVE-2018-1002105 (GCVE-0-2018-1002105)

Vulnerability from cvelistv5 – Published: 2018-12-05 21:00 – Updated: 2024-08-05 12:47

Summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Unchecked Error Condition

Assigner

kubernetes

References

URL

Tags

	https://groups.google.com/forum/#%21topic/kuberne…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/46053/	exploitx_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2018:3549	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3752	vendor-advisoryx_refsource_REDHAT
	https://www.exploit-db.com/exploits/46052/	exploitx_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2018:3624	vendor-advisoryx_refsource_REDHAT
	https://www.coalfire.com/The-Coalfire-Blog/Decemb…	x_refsource_MISC
	https://github.com/kubernetes/kubernetes/issues/71411	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3742	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3754	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3537	vendor-advisoryx_refsource_REDHAT
	https://github.com/evict/poc_CVE-2018-1002105	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:3598	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3551	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/106068	vdb-entryx_refsource_BID
	https://security.netapp.com/advisory/ntap-2019041…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Kubernetes	Kubernetes	Affected: v1.0.x Affected: v1.1.x Affected: v1.2.x Affected: v1.3.x Affected: v1.4.x Affected: v1.5.x Affected: v1.6.x Affected: v1.7.x Affected: v1.8.x Affected: v1.9.x Affected: unspecified , < v1.10.11 (custom) Affected: unspecified , < v1.11.5 (custom) Affected: unspecified , < v1.12.3 (custom)

Credits

Reported by Darren Shepherd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:47:57.159Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
          },
          {
            "name": "46053",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46053/"
          },
          {
            "name": "RHSA-2018:3549",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3549"
          },
          {
            "name": "RHSA-2018:3752",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3752"
          },
          {
            "name": "46052",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46052/"
          },
          {
            "name": "RHSA-2018:3624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3624"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/issues/71411"
          },
          {
            "name": "RHSA-2018:3742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3742"
          },
          {
            "name": "RHSA-2018:3754",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3754"
          },
          {
            "name": "RHSA-2018:3537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3537"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/evict/poc_CVE-2018-1002105"
          },
          {
            "name": "RHSA-2018:3598",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3598"
          },
          {
            "name": "RHSA-2018:3551",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3551"
          },
          {
            "name": "106068",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106068"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "openSUSE-SU-2020:0554",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kubernetes",
          "vendor": "Kubernetes",
          "versions": [
            {
              "status": "affected",
              "version": "v1.0.x"
            },
            {
              "status": "affected",
              "version": "v1.1.x"
            },
            {
              "status": "affected",
              "version": "v1.2.x"
            },
            {
              "status": "affected",
              "version": "v1.3.x"
            },
            {
              "status": "affected",
              "version": "v1.4.x"
            },
            {
              "status": "affected",
              "version": "v1.5.x"
            },
            {
              "status": "affected",
              "version": "v1.6.x"
            },
            {
              "status": "affected",
              "version": "v1.7.x"
            },
            {
              "status": "affected",
              "version": "v1.8.x"
            },
            {
              "status": "affected",
              "version": "v1.9.x"
            },
            {
              "lessThan": "v1.10.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.11.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "v1.12.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Darren Shepherd"
        }
      ],
      "dateAssigned": "2018-11-05T00:00:00.000Z",
      "datePublic": "2018-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unchecked Error Condition",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-26T20:06:09.000Z",
        "orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
        "shortName": "kubernetes"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
        },
        {
          "name": "46053",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46053/"
        },
        {
          "name": "RHSA-2018:3549",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3549"
        },
        {
          "name": "RHSA-2018:3752",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3752"
        },
        {
          "name": "46052",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46052/"
        },
        {
          "name": "RHSA-2018:3624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3624"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kubernetes/kubernetes/issues/71411"
        },
        {
          "name": "RHSA-2018:3742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3742"
        },
        {
          "name": "RHSA-2018:3754",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3754"
        },
        {
          "name": "RHSA-2018:3537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3537"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/evict/poc_CVE-2018-1002105"
        },
        {
          "name": "RHSA-2018:3598",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3598"
        },
        {
          "name": "RHSA-2018:3551",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3551"
        },
        {
          "name": "106068",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106068"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "openSUSE-SU-2020:0554",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "DATE_ASSIGNED": "2018-11-05",
          "ID": "CVE-2018-1002105",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kubernetes",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "v1.0.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.1.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.2.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.3.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.4.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.5.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.6.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.7.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.8.x"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "v1.9.x"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "v1.10.11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "v1.11.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "v1.12.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Kubernetes"
              }
            ]
          }
        },
        "credit": [
          "Reported by Darren Shepherd"
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unchecked Error Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
            },
            {
              "name": "46053",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46053/"
            },
            {
              "name": "RHSA-2018:3549",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3549"
            },
            {
              "name": "RHSA-2018:3752",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3752"
            },
            {
              "name": "46052",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46052/"
            },
            {
              "name": "RHSA-2018:3624",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3624"
            },
            {
              "name": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
              "refsource": "MISC",
              "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
            },
            {
              "name": "https://github.com/kubernetes/kubernetes/issues/71411",
              "refsource": "CONFIRM",
              "url": "https://github.com/kubernetes/kubernetes/issues/71411"
            },
            {
              "name": "RHSA-2018:3742",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3742"
            },
            {
              "name": "RHSA-2018:3754",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3754"
            },
            {
              "name": "RHSA-2018:3537",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3537"
            },
            {
              "name": "https://github.com/evict/poc_CVE-2018-1002105",
              "refsource": "MISC",
              "url": "https://github.com/evict/poc_CVE-2018-1002105"
            },
            {
              "name": "RHSA-2018:3598",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3598"
            },
            {
              "name": "RHSA-2018:3551",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3551"
            },
            {
              "name": "106068",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106068"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190416-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "openSUSE-SU-2020:0554",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
    "assignerShortName": "kubernetes",
    "cveId": "CVE-2018-1002105",
    "datePublished": "2018-12-05T21:00:00.000Z",
    "dateReserved": "2018-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T12:47:57.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1002105

Vulnerability from fstec - Published: 29.01.2019

Title

Уязвимость программного средства управления кластерами виртуальных машин Kubernetes, связанная с некорректной обработкой ошибок, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость программного средства управления кластерами виртуальных машин Kubernetes связана с некорректной обработкой ошибок. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Google Inc

Software Name

Kubernetes

Software Version

от 1.0.0 до 1.9.11 включительно (Kubernetes), от 1.10.0 до 1.10.10 включительно (Kubernetes), от 1.11.0 до 1.11.5 включительно (Kubernetes), от 1.12.0 до 1.12.3 включительно (Kubernetes)

Possible Mitigations

Обновление пограммного обеспечения до более поздней версии

Reference

https://www.securitylab.ru/news/496803.php https://nvd.nist.gov/vuln/detail/CVE-2018-1002105

CWE

CWE-388

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.0.0 \u0434\u043e 1.9.11 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Kubernetes), \u043e\u0442 1.10.0 \u0434\u043e 1.10.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Kubernetes), \u043e\u0442 1.11.0 \u0434\u043e 1.11.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Kubernetes), \u043e\u0442 1.12.0 \u0434\u043e 1.12.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Kubernetes)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.01.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00822",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1002105",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Kubernetes",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430\u043c\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Kubernetes, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043e\u0448\u0438\u0431\u043e\u043a, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043e\u0448\u0438\u0431\u043e\u043a (CWE-388)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430\u043c\u0438 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Kubernetes \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043e\u0448\u0438\u0431\u043e\u043a. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securitylab.ru/news/496803.php\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-388",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

FKIE_CVE-2018-1002105

Vulnerability from fkie_nvd - Published: 2018-12-05 21:29 - Updated: 2024-11-21 03:40

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
jordan@liggitt.net	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
jordan@liggitt.net	http://www.openwall.com/lists/oss-security/2019/06/28/2
jordan@liggitt.net	http://www.openwall.com/lists/oss-security/2019/07/06/3
jordan@liggitt.net	http://www.openwall.com/lists/oss-security/2019/07/06/4
jordan@liggitt.net	http://www.securityfocus.com/bid/106068	Third Party Advisory, VDB Entry
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3537	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3549	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3551	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3598	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3624	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3742	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3752	Third Party Advisory
jordan@liggitt.net	https://access.redhat.com/errata/RHSA-2018:3754	Third Party Advisory
jordan@liggitt.net	https://github.com/evict/poc_CVE-2018-1002105	Exploit, Third Party Advisory
jordan@liggitt.net	https://github.com/kubernetes/kubernetes/issues/71411	Issue Tracking, Mitigation, Patch, Third Party Advisory
jordan@liggitt.net	https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88
jordan@liggitt.net	https://security.netapp.com/advisory/ntap-20190416-0001/	Third Party Advisory
jordan@liggitt.net	https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do	Mitigation, Third Party Advisory
jordan@liggitt.net	https://www.exploit-db.com/exploits/46052/	Exploit, Third Party Advisory, VDB Entry
jordan@liggitt.net	https://www.exploit-db.com/exploits/46053/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/06/28/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/07/06/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/07/06/4
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106068	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3537	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3549	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3551	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3598	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3624	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3742	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3752	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3754	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/evict/poc_CVE-2018-1002105	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kubernetes/kubernetes/issues/71411	Issue Tracking, Mitigation, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190416-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/46052/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/46053/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
kubernetes	kubernetes	*
kubernetes	kubernetes	*
kubernetes	kubernetes	*
kubernetes	kubernetes	*
kubernetes	kubernetes	1.9.12
redhat	openshift_container_platform	3.2
redhat	openshift_container_platform	3.3
redhat	openshift_container_platform	3.4
redhat	openshift_container_platform	3.5
redhat	openshift_container_platform	3.6
redhat	openshift_container_platform	3.8
redhat	openshift_container_platform	3.10
redhat	openshift_container_platform	3.11
netapp	trident	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "389826D3-C28B-4EA5-8398-307B06A09A65",
              "versionEndIncluding": "1.9.11",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71A5EC9-75B0-43DE-B77D-B560D350E99D",
              "versionEndIncluding": "1.10.10",
              "versionStartIncluding": "1.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96DEFC7F-6DBC-43C0-AF50-4B8B89A4634D",
              "versionEndIncluding": "1.11.4",
              "versionStartIncluding": "1.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08512A98-DAED-4C31-8B23-A5DF260EA78B",
              "versionEndIncluding": "1.12.2",
              "versionStartIncluding": "1.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*",
              "matchCriteriaId": "B4C657CF-5878-465A-BEC7-2718AB267C77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C10044B3-FBB1-4031-9060-D3A2915B164C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3ADA26-2B9E-4ABA-A224-910BD75CCE00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E80045-56E4-4A83-8168-CFED5E55CE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E792B5DC-CCD2-4A50-B72F-860A3BFAF165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75DC91F-0D25-42F9-8B7B-3ECCE6AB8174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E50A070E-96A9-45D7-B155-00243D17F7A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
    },
    {
      "lang": "es",
      "value": "En todas las versiones de Kubernetes anteriores a la v1.10.11, v1.11.5 y la v1.12.3, el manejo incorrecto de las respuestas de error a las peticiones de actualizaci\u00f3n en el proxy en kube-apiserver permit\u00edan que las peticiones especialmente manipuladas estableciesen una conexi\u00f3n mediante el servidor de la API de Kubernetes a los servidores del backend y enviasen peticiones arbitrarias en la misma conexi\u00f3n directamente al backend, autenticadas con las credenciales TLS del servidor de la API de Kubernetes empleadas para establecer la conexi\u00f3n con el backend."
    }
  ],
  "id": "CVE-2018-1002105",
  "lastModified": "2024-11-21T03:40:38.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "jordan@liggitt.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-05T21:29:00.403",
  "references": [
    {
      "source": "jordan@liggitt.net",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
    },
    {
      "source": "jordan@liggitt.net",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "jordan@liggitt.net",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "jordan@liggitt.net",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106068"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3537"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3549"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3551"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3598"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3624"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3742"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3752"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3754"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/evict/poc_CVE-2018-1002105"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/kubernetes/kubernetes/issues/71411"
    },
    {
      "source": "jordan@liggitt.net",
      "url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46052/"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46053/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/evict/poc_CVE-2018-1002105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/kubernetes/kubernetes/issues/71411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46052/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46053/"
    }
  ],
  "sourceIdentifier": "jordan@liggitt.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-388"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-579H-MV94-G4GP

Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-05-20 20:40

Summary

Privilege Escalation in Kubernetes

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/kubernetes/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1002105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-20T20:40:04Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection.",
  "id": "GHSA-579h-mv94-g4gp",
  "modified": "2021-05-20T20:40:04Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/71411"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/106068"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46053"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46052"
    },
    {
      "type": "WEB",
      "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190416-0001"
    },
    {
      "type": "WEB",
      "url": "https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
    },
    {
      "type": "WEB",
      "url": "https://github.com/evict/poc_CVE-2018-1002105"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3754"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3752"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3742"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3624"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3598"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3551"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3549"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3537"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Privilege Escalation in Kubernetes"
}

GSD-2018-1002105

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1002105

Aliases

CVE-2018-1002105

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1002105",
    "description": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection.",
    "id": "GSD-2018-1002105",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-1002105.html",
      "https://access.redhat.com/errata/RHSA-2018:3754",
      "https://access.redhat.com/errata/RHSA-2018:3752",
      "https://access.redhat.com/errata/RHSA-2018:3742",
      "https://access.redhat.com/errata/RHSA-2018:3624",
      "https://access.redhat.com/errata/RHSA-2018:3598",
      "https://access.redhat.com/errata/RHSA-2018:3551",
      "https://access.redhat.com/errata/RHSA-2018:3549",
      "https://access.redhat.com/errata/RHSA-2018:3537",
      "https://access.redhat.com/errata/RHSA-2018:2908",
      "https://access.redhat.com/errata/RHSA-2018:2906",
      "https://linux.oracle.com/cve/CVE-2018-1002105.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1002105"
      ],
      "details": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection.",
      "id": "GSD-2018-1002105",
      "modified": "2023-12-13T01:22:37.795759Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@kubernetes.io",
        "DATE_ASSIGNED": "2018-11-05",
        "ID": "CVE-2018-1002105",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Kubernetes",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "v1.0.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.1.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.2.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.3.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.4.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.5.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.6.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.7.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.8.x"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "v1.9.x"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "v1.10.11"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "v1.11.5"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "v1.12.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Kubernetes"
            }
          ]
        }
      },
      "credit": [
        "Reported by Darren Shepherd"
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Unchecked Error Condition"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
            "refsource": "CONFIRM",
            "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
          },
          {
            "name": "46053",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/46053/"
          },
          {
            "name": "RHSA-2018:3549",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3549"
          },
          {
            "name": "RHSA-2018:3752",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3752"
          },
          {
            "name": "46052",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/46052/"
          },
          {
            "name": "RHSA-2018:3624",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3624"
          },
          {
            "name": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
            "refsource": "MISC",
            "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
          },
          {
            "name": "https://github.com/kubernetes/kubernetes/issues/71411",
            "refsource": "CONFIRM",
            "url": "https://github.com/kubernetes/kubernetes/issues/71411"
          },
          {
            "name": "RHSA-2018:3742",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3742"
          },
          {
            "name": "RHSA-2018:3754",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3754"
          },
          {
            "name": "RHSA-2018:3537",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3537"
          },
          {
            "name": "https://github.com/evict/poc_CVE-2018-1002105",
            "refsource": "MISC",
            "url": "https://github.com/evict/poc_CVE-2018-1002105"
          },
          {
            "name": "RHSA-2018:3598",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3598"
          },
          {
            "name": "RHSA-2018:3551",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3551"
          },
          {
            "name": "106068",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106068"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190416-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "openSUSE-SU-2020:0554",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.10.11||\u003e=1.11.0 \u003c1.11.5||\u003e=1.12.0 \u003c1.12.3",
          "affected_versions": "All versions before 1.10.11, all versions starting from 1.11.0 before 1.11.5, all versions starting from 1.12.0 before 1.12.3",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-388",
            "CWE-937"
          ],
          "date": "2022-04-12",
          "description": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection.",
          "fixed_versions": [
            "1.10.11",
            "1.11.5",
            "1.12.3"
          ],
          "identifier": "CVE-2018-1002105",
          "identifiers": [
            "GHSA-579h-mv94-g4gp",
            "CVE-2018-1002105"
          ],
          "not_impacted": "All versions starting from 1.10.11 before 1.11.0, all versions starting from 1.11.5 before 1.12.0, all versions starting from 1.12.3",
          "package_slug": "go/github.com/kubernetes/kubernetes",
          "pubdate": "2022-02-15",
          "solution": "Upgrade to versions 1.10.11, 1.11.5, 1.12.3 or above.",
          "title": "Privilege Escalation in Kubernetes",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105",
            "https://github.com/kubernetes/kubernetes/issues/71411",
            "https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905",
            "https://access.redhat.com/errata/RHSA-2018:3537",
            "https://access.redhat.com/errata/RHSA-2018:3549",
            "https://access.redhat.com/errata/RHSA-2018:3551",
            "https://access.redhat.com/errata/RHSA-2018:3598",
            "https://access.redhat.com/errata/RHSA-2018:3624",
            "https://access.redhat.com/errata/RHSA-2018:3742",
            "https://access.redhat.com/errata/RHSA-2018:3752",
            "https://access.redhat.com/errata/RHSA-2018:3754",
            "https://github.com/evict/poc_CVE-2018-1002105",
            "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
            "https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html",
            "https://security.netapp.com/advisory/ntap-20190416-0001/",
            "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
            "https://www.exploit-db.com/exploits/46052/",
            "https://www.exploit-db.com/exploits/46053",
            "https://www.exploit-db.com/exploits/46053/",
            "https://www.openwall.com/lists/oss-security/2019/06/28/2",
            "https://www.openwall.com/lists/oss-security/2019/07/06/3",
            "https://www.openwall.com/lists/oss-security/2019/07/06/4",
            "https://www.securityfocus.com/bid/106068",
            "https://github.com/advisories/GHSA-579h-mv94-g4gp"
          ],
          "uuid": "32f1149d-cad0-495d-81dd-d090c8da5381"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.12.2",
                "versionStartIncluding": "1.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.9.11",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.10.10",
                "versionStartIncluding": "1.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.11.4",
                "versionStartIncluding": "1.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "ID": "CVE-2018-1002105"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-388"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
            },
            {
              "name": "https://github.com/kubernetes/kubernetes/issues/71411",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/kubernetes/kubernetes/issues/71411"
            },
            {
              "name": "RHSA-2018:3754",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3754"
            },
            {
              "name": "RHSA-2018:3752",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3752"
            },
            {
              "name": "RHSA-2018:3742",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3742"
            },
            {
              "name": "RHSA-2018:3624",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3624"
            },
            {
              "name": "RHSA-2018:3598",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3598"
            },
            {
              "name": "RHSA-2018:3551",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3551"
            },
            {
              "name": "RHSA-2018:3549",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3549"
            },
            {
              "name": "RHSA-2018:3537",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3537"
            },
            {
              "name": "106068",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/106068"
            },
            {
              "name": "https://github.com/evict/poc_CVE-2018-1002105",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/evict/poc_CVE-2018-1002105"
            },
            {
              "name": "46053",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/46053/"
            },
            {
              "name": "46052",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "VDB Entry",
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.exploit-db.com/exploits/46052/"
            },
            {
              "name": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190416-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "openSUSE-SU-2020:0554",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-06-28T21:15Z",
      "publishedDate": "2018-12-05T21:29Z"
    }
  }
}

CNVD-2018-25306

Vulnerability from cnvd - Published: 2018-12-13

Title

Google Kubernetes权限访问控制漏洞

Description

Google Kubernetes是美国Google公司的一套开源的Docker容器集群管理系统。该系统为容器化的应用提供资源调度、部署运行、服务发现和扩容缩容等功能。 Google Kubernetes 1.10.11之前版本、1.11.5之前版本和1.12.3之前版本中存在权限访问控制漏洞，该漏洞源于程序未能正确的处理错误响应。攻击者可通过发送特制的请求利用该漏洞部署恶意代码或修改现有服务。

Severity

高

Patch Name

Google Kubernetes权限访问控制漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://access.redhat.com/errata/RHSA-2018:3624

Reference

https://packetstormsecurity.com/files/150573/Red-Hat-Security-Advisory-2018-3624-01.html

Impacted products

Name
['Google Kubernetes <1.10.11', 'Google Kubernetes <1.11.5', 'Google Kubernetes <1.12.3']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "106068"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1002105"
    }
  },
  "description": "Google Kubernetes\u662f\u7f8e\u56fdGoogle\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Docker\u5bb9\u5668\u96c6\u7fa4\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u5bb9\u5668\u5316\u7684\u5e94\u7528\u63d0\u4f9b\u8d44\u6e90\u8c03\u5ea6\u3001\u90e8\u7f72\u8fd0\u884c\u3001\u670d\u52a1\u53d1\u73b0\u548c\u6269\u5bb9\u7f29\u5bb9\u7b49\u529f\u80fd\u3002\n\nGoogle Kubernetes 1.10.11\u4e4b\u524d\u7248\u672c\u30011.11.5\u4e4b\u524d\u7248\u672c\u548c1.12.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u9519\u8bef\u54cd\u5e94\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u90e8\u7f72\u6076\u610f\u4ee3\u7801\u6216\u4fee\u6539\u73b0\u6709\u670d\u52a1\u3002",
  "discovererName": "Darren Shepherd",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://access.redhat.com/errata/RHSA-2018:3624",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25306",
  "openTime": "2018-12-13",
  "patchDescription": "Google Kubernetes\u662f\u7f8e\u56fdGoogle\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Docker\u5bb9\u5668\u96c6\u7fa4\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u5bb9\u5668\u5316\u7684\u5e94\u7528\u63d0\u4f9b\u8d44\u6e90\u8c03\u5ea6\u3001\u90e8\u7f72\u8fd0\u884c\u3001\u670d\u52a1\u53d1\u73b0\u548c\u6269\u5bb9\u7f29\u5bb9\u7b49\u529f\u80fd\u3002\r\n\r\nGoogle Kubernetes 1.10.11\u4e4b\u524d\u7248\u672c\u30011.11.5\u4e4b\u524d\u7248\u672c\u548c1.12.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u9519\u8bef\u54cd\u5e94\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u90e8\u7f72\u6076\u610f\u4ee3\u7801\u6216\u4fee\u6539\u73b0\u6709\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Kubernetes\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google Kubernetes \u003c1.10.11",
      "Google Kubernetes \u003c1.11.5",
      "Google Kubernetes \u003c1.12.3"
    ]
  },
  "referenceLink": "https://packetstormsecurity.com/files/150573/Red-Hat-Security-Advisory-2018-3624-01.html",
  "serverity": "\u9ad8",
  "submitTime": "2018-12-05",
  "title": "Google Kubernetes\u6743\u9650\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

CERTFR-2022-AVI-591

Vulnerability from certfr_avis - Published: 2022-06-30 - Updated: 2022-06-30

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Plus versions antérieures à 10.1.11
IBM	Spectrum	IBM Spectrum Protect Client versions antérieures à 8.1.1.15
IBM	N/A	IBM® Db2® et Db2 Warehouse® sur Cloud Pak for Data versions antérieures à 4.5.0
IBM	Db2	IBM® Db2® sur Openshift versions antérieures à 11.5.7.0-cn5

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1002105 (GCVE-0-2018-1002105)

CVE-2018-1002105

FKIE_CVE-2018-1002105

GHSA-579H-MV94-G4GP

GSD-2018-1002105

CNVD-2018-25306

CERTFR-2022-AVI-591

Solution

Tags

Sightings

Nomenclature