VDB
CVE-2018-1002105
CVE-2018-1002105
REJECTED
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
EPSS 90.10% · 99.6th percentile
Risk Scores
EPSS Score
90.10%
99.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | kubernetes | 1.0, 0 |
| Ubuntu:22.04:LTS | kubernetes | 0, 1.0 |
| Ubuntu:24.04:LTS | kubernetes | 1.0, 0 |
Exploit Intelligence
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
- Test utility for cve-2018-1002105 (github-poc-repo)
…and 224 more exploits
Timeline
- Dec 5, 2018 CVE Published
- Dec 7, 2018 PoC Published
- Dec 24, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Aug 2, 2023 EPSS Score
- Oct 27, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 17, 2023 EPSS Score
- Jan 3, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1002105 third-party-advisory
- https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 third-party-advisory
- https://github.com/kubernetes/kubernetes/issues/71411 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1002105 third-party-advisory