Lucene search

K
nvd[email protected]NVD:CVE-2018-1002102
HistoryDec 05, 2019 - 4:15 p.m.

CVE-2018-1002102

2019-12-0516:15:10
CWE-601
web.nvd.nist.gov

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

0.001

Percentile

22.7%

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

Affected configurations

NVD
Node
kuberneteskubernetesRange1.10.01.13.13
OR
kuberneteskubernetesMatch1.14.0alpha0
OR
kuberneteskubernetesMatch1.14.0alpha1
Node
fedoraprojectfedoraMatch31

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

0.001

Percentile

22.7%