CVE-2018-1002105

Published: 05/12/2018 Updated: 16/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 723
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Affected Products

Vendor | Product | Versions
Kubernetes | Kubernetes | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.11, 1.4.12, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11, 1.9.12, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.12.2
Red Hat | OpenShift Container Platform | 3.2, 3.3, 3.4, 3.5, 3.6, 3.8, 3.10, 3.11

Vendor Advisories

Synopsis: Critical: OpenShift Container Platform 3.8 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform 3.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring S ...
Synopsis: Critical: OpenShift Container Platform 3.3 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform release 3.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability S ...
Synopsis: Critical: OpenShift Container Platform 3.4 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform release 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability S ...
Synopsis: Critical: OpenShift Container Platform 3.2 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform 3.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring S ...
Synopsis: Critical: OpenShift Container Platform 3.10 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: OpenShift Container Platform 3.5 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform release 3.5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability S ...
Synopsis: Critical: OpenShift Container Platform 3.6 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform release 3.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability S ...
Synopsis: Critical: OpenShift Container Platform 3.9 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring S ...
Synopsis: Critical: OpenShift Container Platform 3.7 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform release 3.7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability S ...
Synopsis: Critical: OpenShift Container Platform 3.11 security update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers ...

Github Repositories

CVE-2018-1002105. Test utility that checks a cluster for the high severity kubernetes CVE published here. A stakeholder-level writeup of the CVE-2018-1002105 may be found at gravitational.com/blog/kubernetes-websocket-upgrade-security-vulnerability/. Warning: Running this test through layer 7 load balancers or proxies in front of your kubernetes apiserver may be unr

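Forked from gitee.com/imlzw/Kubernetes-1123-all-auto-install. Kubernetes-1123-all-auto-install. Project introduction: A personally compiled set of fully automated, one-click installation and deployment files for a master node running Centos7x + Kubernetes-1123 + Dashboard-183 without the CVE-2018-1002105 vulnerability, suitable for rapid installation and deployment in test and production environments. Preparation: Configure the CentOS network environment so that it can connect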

About. Orchestrate and schedule application perhaps in many ways. The simplest but not the cheapest: use ready AWS cluster EKS or GKE. Today (12122018) was announced DOK8s. It is cheap and easy to configure. But it is impossible to describe as IaC because terraform does not have resource DOK8s for DO's provider yet. In my example, I created a cluster on DO droplets in Digital

CVE-2018-1002105 PoC. Authenticated PoC: Proof-of-Concept exploit for CVE-2018-1002105. The current exploit requires create and get privileges on pods and pods/exec. Support has been added for portforward and attach, which require similar permissions. The current PoC dumps the secrets from the default etcd-kubern

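Kubernetes-1123-all-auto-install. Project introduction: A personally compiled set of fully automated, one-click installation and deployment files for master and node machines running Centos7x + Kubernetes-1123 + Dashboard-183 without the CVE-2018-1002105 vulnerability, suitable for rapid installation and deployment in test and production environments. Reference documentation: kubernetes.io/docs/setup/independent/create-cluster-kubeadm/. Master node installation. Preparation: Configure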

Hello and welcome to Kubernetes Security, the resource center for the O'Reilly book on this topic by Liz Rice and Michael Hausenblas. In the book we explore security concepts including defense in depth, least privilege, and limiting the attack surface. We discuss and show how to secure clusters, and you'll also learn how Kubernetes uses authentication and authorizati

find_k8s. Find Kubernetes across your environment, even if it's not installed via your package manager. What it does: This script uses the server processes inventory feature as well as the SVM module's installed software inventory feature to search for all instances of Kubernetes in your Halo-protected environment. Indicates which are vulnerable to CVE-2018-1002105. Req

Awesome Stars. A curated list of my GitHub stars! Generated by starred. Contents: Batchfile, C, C#, C++, CMake, CSS, Cirru, Clojure, CoffeeScript, Cuda, Dart, Dockerfile, Emacs Lisp, Erlang, Go, Groovy, HTML, Haskell, Java, JavaScript, Jupyter Notebook, Kotlin, Lua, Makefile, OCaml, Objective-C, Others, PHP, Python, R, Ruby, Rust, Scala, Shell, Swift, TeX, TypeScript, Vim script, Vue, XSLT. Batchfile: python-guide

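sectoolset -- A collection of security-related tools on GitHub. Main contents: 0x00 Hands-on exploitation practice & CTF security competitions; 0x01 Security scanners; 0x02 Security defense; 0x03 Penetration testing; 0x04 Vulnerability databases and exploitation tools (POC, EXP); 0x05 Binary and code analysis tools; 0x06 Threat intelligence & honeypots; 0x07 Security documentation and resources; 0x11 All contents. WooYun mirror. WooYun mirror. WooYun mirror, censored. Recently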

Security Notes. Palo Alto Networks has world-renowned experts supporting threat research efforts across the company. The completely in-house team focuses on quickly identifying, analyzing, and creating protections for attacks as they emerge—building and enhancing the automated prevention enforced through our Security Operating Platform. The team is comprised of: Threat e

awesome-windows-kernel-security-development. pe file format: github.com/corkami/pics. meltdown/spectre poc: github.com/turbo/KPTI-PoC-Collection, github.com/gkaindl/meltdown-poc, github.com/feruxmax/meltdown, github.com/Eugnis/spectre-attack. lightweight c++ gui library: github.com/idea4good/GuiLite, githubcom/golang-ui/nuklea

Awesome CVE PoC. A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments
Threatpost • Tara Seals • 05 Dec 2018

A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today’s cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production applications.
It marks one of the first serious problems found in Kubernetes, and it’s a whopper, with a CVSS score of 9.8. A hacker can send specially crafted requests to establish a connection through...