Oracle Linux 7 : kubernetes (ELSA-2018-4303)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4303 advisory. - CVE-2018-1002105 Handle error responses from backends Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

GHSA-579H-MV94-G4GP Privilege Escalation in Kubernetes

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

GHSA-PRMC-5V5W-C465 Client TLS credentials sent raw to server in npm package nats

Nats is a Node.js client for the NATS messaging system. Problem Description Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The...

Code injection

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVE-2018-1002105

CVE-2018-1002105 affects Kubernetes: before versions v1.10.11, v1.11.5, and v1.12.3, the kube-apiserver mishandles error responses to proxied upgrade requests. This flaw lets specially crafted requests establish a connection through the API server to backends and then send arbitrary requests over...

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...

CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections | Cloud Foundry

Severity Critical Vendor Kubernetes Affected Cloud Foundry Products and Versions CFCR Release All versions prior to v0.25.0 Description With a specially crafted request, users are able to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests ove...