7.5
HIGH

CVE-2018-1002105

Published: 05/12/2018 Updated: 11/12/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

A vulnerability in the Kubernetes API server could allow an unauthenticated, remote attacker to gain elevated privileges on a targeted system.
The vulnerability is due to the improper handling of proxy requests by the affected software. An attacker could exploit this vulnerability to establish a TCP connection to a back-end server by sending a request that submits malicious input to a targeted Kubernetes API server. The attacker could then send arbitrary requests authenticated with the Transport Layer Security (TLS) credentials of the Kubernetes API server. A successful exploit could allow the attacker to gain elevated privileges on the system, which could be used to conduct further attacks.
Kubernetes has confirmed the vulnerability and released software updates.

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor | Product | Versions
Kubernetes | Kubernetes | 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.12, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.17, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.15, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.12
Redhat | Openshift Container Platform | 3.2, 3.3, 3.4, 3.5, 3.6, 3.8, 3.10, 3.11

Mitigation

Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
Administrators are advised to monitor affected systems.
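
To act on the update advice, an inventory of API server versions can be compared against the fixed releases named in the summary (v1.10.11, v1.11.5, v1.12.3). The following Go sketch is an added example, not code from Kubernetes or from any repository listed on this page; the function name `Affected` and the sample version strings are constructed for illustration. It compares only the numeric version triple, so vendor backports (for example in OpenShift builds) and pre-release tags are not reflected.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// fixedPatch maps a 1.x minor release line to the first patch level that
// contains the fix, taken from the summary (v1.10.11, v1.11.5, v1.12.3).
var fixedPatch = map[int]int{10: 11, 11: 5, 12: 3}

// versionRe accepts forms such as "v1.11.4", "1.12.3" and "v1.12.2+build"
// (the "+build" suffix is a constructed stand-in for build metadata).
var versionRe = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)`)

// Affected reports whether a kube-apiserver version predates the fix.
// Unparseable input yields an error so that callers never treat an
// unreadable version string as safe.
func Affected(version string) (bool, error) {
	m := versionRe.FindStringSubmatch(version)
	if m == nil {
		return false, fmt.Errorf("unrecognised version %q", version)
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3])
	if major != 1 {
		// Assumption: anything before 1.x is affected, anything after is fixed.
		return major < 1, nil
	}
	fix, ok := fixedPatch[minor]
	if !ok {
		// Lines older than 1.10 have no fixed release named in the summary;
		// lines newer than 1.12 are assumed to ship with the fix.
		return minor < 10, nil
	}
	return patch < fix, nil
}

func main() {
	// Constructed sample inventory of API server versions.
	for _, v := range []string{"v1.9.12", "v1.10.10", "v1.11.5", "v1.12.2+build", "v1.13.0"} {
		hit, err := Affected(v)
		fmt.Println(v, hit, err)
	}
}
```
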

Exploitation

To exploit this vulnerability, the attacker must send a request that submits malicious input to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.

Github Repositories

HPE Express Containers with Docker Enterprise Edition on HPE SimpliVity Executive Summary Release Notes Playbook updates Configuration updates Fixed in this release Solution overview Solution configuration HPE SimpliVity configuration Linux-only VM configuration Hybrid VM configuration (Windows and Linux) High availability Sizing considerations Disaster Recovery Secur

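Kubernetes-1.12.3-all-auto-install Project introduction: A personally compiled set of fully automatic, one-click installation and deployment files for a master node running Centos7.x + Kubernetes-1.12.3 + Dashboard-1.8.3 without the CVE-2018-1002105 vulnerability, suitable for quick installation and deployment in test and production environments. Preparation: Configure the centos network so that it can reach the Internet to download the installation files. Log in to centos7 as the root user,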

CVE-2018-1002105: Test utility that checks a cluster for the high severity kubernetes CVE published here.
Build and Run:
git clone https://github.com/gravitational/cve-2018-1002105.git
go run main.go
Running as a container:
docker run -it --rm -v $HOME/.kube/config:/kubeconfig: quay.io/gravitational/cve-2018-1002105:latest

Hello and welcome to Kubernetes Security, the resource center for the O'Reilly book on this topic by Liz Rice and Michael Hausenblas. In the book we explore security concepts including defense in depth, least privilege, and limiting the attack surface. We discuss and show how to secure clusters, and you'll also learn how Kubernetes uses authentication and authorizati

About Orchestrate and schedule application perhaps many ways. The simplest but not the cheapest: use ready AWS cluster ELK or GKE. Today (12.12.2018) was announced DOK8s it is cheap and easy to configure. But it is impossible to describe as IaC case terraform does not yet have provider for DOK8s. In my example, I myself create a cluster on DO droplets in Digital Ocean, then in

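Forked from https://gitee.com/imlzw/Kubernetes-1.12.3-all-auto-install Kubernetes-1.12.3-all-auto-install Project introduction: A personally compiled set of fully automatic, one-click installation and deployment files for a master node running Centos7.x + Kubernetes-1.12.3 + Dashboard-1.8.3 without the CVE-2018-1002105 vulnerability, suitable for quick installation and deployment in test and production environments. Preparation: Configure the centos network so that it can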

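2018-12-10 Featured blog post recommendations. The Front-End Daily column's data comes from 码农头条 (a crawler I developed); it shares front-end, mobile development, design, resources and news every day to keep developers going. Click the Star button to follow this project, and click Watch to receive the daily updates. Github homepage. Vue 2.0 study notes: Vue's transition (推酷网) WebSocket quick start (推酷网) 推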

Recent Articles

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments
Threatpost • Tara Seals • 05 Dec 2018

A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today’s cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production applications.
It marks one of the first serious problems found in Kubernetes, and it’s a whopper, with a CVSS score of 9.8. A hacker can send specially crafted requests to establish a connection through...