CVE-2018-1002102

Published: 05 Dec 2019
Source: nvd
CVSS3: 2.6
CVSS2: 2.1
EPSS: Low

Description

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Versions from 1.10.0 (inclusive) to 1.13.13 (inclusive)
cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha0:*:*:*:*:*:*
cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha1:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

EPSS

Percentile: 51%
0.00283
Low

CVSS3: 2.6 Low

CVSS2: 2.1 Low

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 2.6
ubuntu
more than 5 years ago

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

CVSS3: 2.6
redhat
more than 5 years ago

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

CVSS3: 2.6
debian
more than 5 years ago

Improper validation of URL redirection in the Kubernetes API server in ...
