Lucene search
GoogleOSV:CVE-2018-1002103HistoryDec 05, 2018 - 9:29 p.m.
CVE-2018-1002103
2018-12-0521:29:00
Google
osv.dev
6
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.
| CPE | Name | Operator | Version |
|---|---|---|---|
| minikube | eq | 0.13.0 | |
| minikube | eq | 1.16.0-beta.0 | |
| minikube | eq | 1.9.0 | |
| minikube | eq | 1.6.0-beta.0 | |
| minikube | eq | 0.27.0 | |
| minikube | eq | 1.4.0-beta.2 | |
| minikube | eq | 1.21.0 | |
| minikube | eq | 1.0.0 | |
| minikube | eq | 1.24.0-beta.0 | |
| minikube | eq | 1.12.3 |
Related
cvelist
cvelist
CVE-2018-1002103
2022-10-03 16:21:40
osv
osv
Minikube RCE via DNS Rebinding
2022-05-13 01:35:04
github
github
Minikube RCE via DNS Rebinding
2022-05-13 01:35:04
cve
cve
CVE-2018-1002103
2022-10-03 16:21:40
veracode
veracode
DNS Rebinding
2018-10-17 13:39:17
prion
prion
Design/Logic Flaw
2018-12-05 21:29:00
nvd
nvd
CVE-2018-1002103
2018-12-05 21:29:00