CVE-2018-1002105

EUVD-2022-0831
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
kubernetesCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
kuberneteskubernetes
1.0.0 ≤
𝑥
≤ 1.9.11
kuberneteskubernetes
1.10.0 ≤
𝑥
≤ 1.10.10
kuberneteskubernetes
1.11.0 ≤
𝑥
≤ 1.11.4
kuberneteskubernetes
1.12.0 ≤
𝑥
≤ 1.12.2
kuberneteskubernetes
1.9.12:beta0
redhatopenshift_container_platform
3.2
redhatopenshift_container_platform
3.3
redhatopenshift_container_platform
3.4
redhatopenshift_container_platform
3.5
redhatopenshift_container_platform
3.6
redhatopenshift_container_platform
3.8
redhatopenshift_container_platform
3.10
redhatopenshift_container_platform
3.11
netapptrident
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
kubernetes
bookworm
1.20.5+really1.20.2-1.1
fixed
bullseye
1.20.5+really1.20.2-1
fixed
sid
1.20.5+really1.20.2-1.1
fixed
trixie
1.20.5+really1.20.2-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kubernetes
bionic
dne
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.securityfocus.com/bid/106068
https://access.redhat.com/errata/RHSA-2018:3537
https://access.redhat.com/errata/RHSA-2018:3549
https://access.redhat.com/errata/RHSA-2018:3551
https://access.redhat.com/errata/RHSA-2018:3598
https://access.redhat.com/errata/RHSA-2018:3624
https://access.redhat.com/errata/RHSA-2018:3742
https://access.redhat.com/errata/RHSA-2018:3752
https://access.redhat.com/errata/RHSA-2018:3754
https://github.com/evict/poc_CVE-2018-1002105
https://github.com/kubernetes/kubernetes/issues/71411
https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88
https://security.netapp.com/advisory/ntap-20190416-0001/
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
https://www.exploit-db.com/exploits/46052/
https://www.exploit-db.com/exploits/46053/
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.securityfocus.com/bid/106068
https://access.redhat.com/errata/RHSA-2018:3537
https://access.redhat.com/errata/RHSA-2018:3549
https://access.redhat.com/errata/RHSA-2018:3551
https://access.redhat.com/errata/RHSA-2018:3598
https://access.redhat.com/errata/RHSA-2018:3624
https://access.redhat.com/errata/RHSA-2018:3742
https://access.redhat.com/errata/RHSA-2018:3752
https://access.redhat.com/errata/RHSA-2018:3754
https://github.com/evict/poc_CVE-2018-1002105
https://github.com/kubernetes/kubernetes/issues/71411
https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88
https://security.netapp.com/advisory/ntap-20190416-0001/
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
https://www.exploit-db.com/exploits/46052/
https://www.exploit-db.com/exploits/46053/