Published: 05/12/2018 Updated: 09/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kubernetes minikube

Minikube What is Minikube? Minikube is a tool that makes it easy to run Kubernetes locally Minikube runs a single-node Kubernetes cluster inside a VM on your laptop for users looking to try out Kubernetes or develop with it day-to-day Newsflash 2018-10-05: minikube v0300 released, addressing CVE-2018-1002103: Dashboard vulnerable to DNS rebinding attack Installation m

CWE-352 https://github.com/kubernetes/minikube/issues/3208 https://nvd.nist.gov https://github.com/Oleg03134/minivube

CVE-2018-1002103

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect