7.5
CVSSv2

CVE-2018-1002105

Published: 05/12/2018 Updated: 28/06/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Vulnerability Trend

Affected Products

Vendor Product Versions
KubernetesKubernetes1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.11, 1.4.12, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11, 1.9.12, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.12.0, 1.12.1, 1.12.2
NetappTrident-
RedhatOpenshift Container Platform3.2, 3.3, 3.4, 3.5, 3.6, 3.8, 3.10, 3.11

Vendor Advisories

Synopsis Critical: OpenShift Container Platform 38 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 38Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring S ...
Synopsis Critical: OpenShift Container Platform 33 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform release 33Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability S ...
Synopsis Critical: OpenShift Container Platform 34 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform release 34Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability S ...
Synopsis Critical: OpenShift Container Platform 32 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 32Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring S ...
Debian Bug report logs - #915828 kubernetes: CVE-2018-1002105 Package: src:kubernetes; Maintainer for src:kubernetes is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Dec 2018 08:15:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in vers ...
Synopsis Critical: OpenShift Container Platform 310 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 310Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring ...
Synopsis Critical: OpenShift Container Platform 35 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform release 35Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability S ...
Synopsis Critical: OpenShift Container Platform 36 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform release 36Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability S ...
Synopsis Critical: OpenShift Container Platform 39 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 39Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring S ...
Synopsis Critical: OpenShift Container Platform 37 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform release 37Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability S ...
Synopsis Critical: OpenShift Container Platform 311 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring ...
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers ...

Mailing Lists

On Fri, Jun 28, 2019 at 02:57:43PM +0200, Solar Designer wrote: True, but we care about more than just the kernel side of things Can I suggest that we fork the discussion around security-bugsrst to LKML? I can suggest an initial patch to address your comments here but I think that this is better handled on LKML My concern with Monday is ...

Github Repositories

CVE-2018-1002105 Test utility that checks a cluster for the high severity kubernetes CVE published here A stakeholder-level writeup of the CVE-2018-1002105 may be found at gravitationalcom/blog/kubernetes-websocket-upgrade-security-vulnerability/ Warning Running this test through layer 7 load balancers or proxies in front of you're kubernetes apiserver may be unr

CVE-2018-1002105 Test utility that checks a cluster for the high severity kubernetes CVE published here A stakeholder-level writeup of the CVE-2018-1002105 may be found at gravitationalcom/blog/kubernetes-websocket-upgrade-security-vulnerability/ Warning Running this test through layer 7 load balancers or proxies in front of you're kubernetes apiserver may be unr

fork 自giteecom/imlzw/Kubernetes-1123-all-auto-install Kubernetes-1123-all-auto-install 项目介绍 个人整理的Centos7x + Kubernetes-1123 + Dashboard-183 无 CVE-2018-1002105 漏洞的master节点全自动快速一键安装部署文件,适用于测试环境,生产环境的快速安装部署 准备工作 配置好centos的网络环境,使其可连

CVE-2018-1002105 PoC Authenticated PoC Demo Usage Unauthenticated PoC Demo Usage Authenticated PoC Proof-of-Concept exploit for CVE-2018-1002105 The current exploit requires create and get privileges on pods and pods/exec Support has been added for portforward and attach, which require similar permissions The current PoC dumps the secrets from the default etcd-kubern

[WIP]KubeCon-CloudNativeCon-Europe-2019 KubeCon-CloudNativeCon-Europe-2019's slides This repo hosts published slide files The detailed schedule can refer to the event website KubeCon-CloudNativeCon-Europe-2019 And you can find the Video lists of CNCF YouTube channel (Barcelona '19: KubeCon + CloudNativeCon) on youtube, enjoy it Slides list (TOC): accelerating-

Kubernetes-1123-all-auto-install 项目介绍 个人整理的Centos7x + Kubernetes-1123 + Dashboard-183 无 CVE-2018-1002105 漏洞的master,node节点全自动快速一键安装部署文件,适用于测试环境,生产环境的快速安装部署 参考文档 kubernetesio/docs/setup/independent/create-cluster-kubeadm/ master节点安装准备工作 配置

About Orchestrate and schedule application perhaps in many ways The simplest but not the cheapest: use ready AWS cluster EKS or GKE Today (12122018) was announced DOK8s it is cheap and easy to configure But it is impossible to describe as IaC because terraform does not have resource DOK8s for DO`s provider yet In my example, I created a cluster on DO droplets in Digital

kubecon19-eu KubeCon EU'19 Videos and Presentations Topic Video Presentation Lightning Talk: Cloud Native Wales: How We Contributed to the Community - Lewis Denham-Parry Watch Here - Lightning Talk: How to Regain the Trust of Your Users - Eduard Iacoboaia, Bookingcom Watch Here - Lightning Talk: Slow Starting Containers, How to Check Their Health? - Matthias

Alcide Kubernetes Advisor Alcide Advisor is an agentless service for Kubernetes audit and compliance that’s built to ensure a frictionless and secured DevSecOps workflow by layering a hygiene scan of Kubernetes cluster & workloads early in the development process and before moving to production With Alcide Advisor, you can cover the following security checks: Ku

Hello and welcome to Kubernetes Security, the resource center for the O'Reilly book on this topic by Liz Rice and Michael Hausenblas In the book we explore security concepts including defense in depth, least privilege, and limiting the attack surface We discuss and show how to secure clusters, and you'll also learn how Kubernetes uses authentication and authorizati

Alcide Kubernetes Advisor Pipeline Integrations Alcide Advisor is an agentless service for Kubernetes audit and compliance that’s built to ensure a frictionless and secured DevSecOps workflow by layering a hygiene scan of Kubernetes cluster & workloads early in the development process and before moving to production With Alcide Advisor, you can cover the followin

find_k8s Find Kubernetes across your environment, even if it's not installed via your package manager What it does This script uses the server processes inventory feature as well as the SVM module's installed software inventory feature to search for all instances of Kubernetes in your Halo-protected environment Indicates which are vulnerable to CVE-2018-1002105 Req

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Batchfile C C# C++ CMake CSS Cirru Clojure CoffeeScript Cuda Dart Dockerfile Emacs Lisp Erlang Go Groovy HTML Haskell Java JavaScript Jupyter Notebook Kotlin Lua Makefile OCaml Objective-C Others PHP Python R Ruby Rust Scala Shell Swift TeX TypeScript Vim script Vue XSLT Batchfile python-guide

핫식스 맛있다 Team Name is : 핫식스 맛있다 Team Members is : K-Shield Jr 2기 - | 권승민 | 이성영 | 안지원 | 이정훈 | Tema Project Subject is : 쿠버네티스 취약점 분석 도구 분석할 CVE 목록 CVE-2019-1002101 CVE-2019-9946 CVE-2018-1002105

핫식스 맛있다 Team Name is : 핫식스 맛있다 Team Members is : K-Shield Jr 2기 - | 권승민 | 이성영 | 안지원 | 이정훈 | Tema Project Subject is : 쿠버네티스 취약점 분석 도구 분석할 CVE 목록 CVE-2019-1002101 CVE-2019-9946 CVE-2018-1002105 개인 블로그 권승민 - blognavercom/in_reasona || inreasontistorycom/

핫식스 맛있다 Team Name is : 핫식스 맛있다 Team Members is : K-Shield Jr 2기 - | 이건주 | 안지원 | 이성영 | 이정훈 | 권승민 | Tema Project Subject is : 쿠버네티스 취약점 분석 도구 쿠버네티스 취약점 분석 도구 사용 방법 1 이메일 등록 다음의 사이트 주소에 접속합니다 [hotsixkrokr] 이메일

sectoolset -- Github安全相关工具集合 主要内容: 0x00 漏洞利用实战练习&CTF安全竞赛 0x01 安全扫描器 0x02 安全防守 0x03 渗透测试 0x04 漏洞库及利用工具(POC,EXP) 0x05 二进制及代码分析工具 0x06 威胁情报&蜜罐 0x07 安全文档资料 0x11 所有内容 乌云镜像 乌云镜像 乌云镜像,河*蟹 近期

Security Notes Palo Alto Networks has world-renowned experts supporting threat research efforts across the company The completely in-house team focuses on quickly identifying, analyzing, and creating protections for attacks as they emerge—building and enhancing the automated prevention enforced through our Security Operating Platform The team is comprised of: Threat e

awesome-windows-kernel-security-development pe file format githubcom/corkami/pics meltdown/spectre poc githubcom/turbo/KPTI-PoC-Collection githubcom/gkaindl/meltdown-poc githubcom/feruxmax/meltdown githubcom/Eugnis/spectre-attack lightweight c++ gui library githubcom/idea4good/GuiLite githubcom/golang-ui/nuklea

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Exploit Code for the Kubernetes Flaw Is Now Available
BleepingComputer • Ionut Ilascu • 10 Dec 2018

The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security space of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations.
The severity score of the vulnerability (CVE-2018-1002105) has been established at 9.8, just 0.2 points shy of the perfect ten. This is because one avenue of attack involves unauthenticated users who could escalate privileges and run commands that could allow them to t...

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments
Threatpost • Tara Seals • 05 Dec 2018

A critical privilege-escalation vulnerability (CVE-2018-1002105) has been uncovered in the Kubernetes open-source container software, which is a fixture in much of today’s cloud infrastructure. It could allow an attacker unfettered, remote access for stealing data or crashing production applications.
It marks one of the first serious problems found in Kubernetes, and it’s a whopper, with a CVSS score of 9.8. A hacker can send specially crafted requests to establish a connection through...

Kubernetes Updates Patch Critical Privilege Escalation Bug
BleepingComputer • Ionut Ilascu • 04 Dec 2018

A critical vulnerability in Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes.
Kubernetes makes it easier to manage a container environment  by organizing application containers into pods, nodes (physical or virtual machines) and clusters. Multiple nodes form a cluster, managed by a master that coordinates cluster-related activities like scaling, scheduling, or updating apps.