CVE-2018-1002105

Published: 05 Dec 2018
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS: Critical

Description

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Versions from 1.0.0 (inclusive) to 1.9.11 (inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Versions from 1.10.0 (inclusive) to 1.10.10 (inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Versions from 1.11.0 (inclusive) to 1.11.4 (inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Versions from 1.12.0 (inclusive) to 1.12.2 (inclusive)
cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

EPSS

Percentile: 100%
0.9075
Critical

CVSS3: 9.8 Critical

CVSS2: 7.5 High

Weaknesses

CWE-388

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 6 years ago

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

CVSS3: 9.8
redhat
more than 6 years ago

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

CVSS3: 9.8
debian
more than 6 years ago

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, in ...

CVSS3: 9.8
github
more than 3 years ago

Privilege Escalation in Kubernetes

oracle-oval
more than 6 years ago

ELSA-2018-4303: kubernetes security update (IMPORTANT)
