CVE-2018-1002101 — OS Command Injection in Kubernetes
Severity
9.8 CRITICAL (NVD)
5.9 (CNA)
EPSS
0.9%
top 25.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 5
Latest update: Aug 21
Description
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 3 packages
Patches
Vulnerability Details (4)
Vendor Advisories (2)
Community (6)
Bugzilla: CVE-2018-1002101 kubernetes:openshift-3.10/origin: kubernetes: Improper input validation while setting up volume mounts on Windows nodes allows for command injection [fedora-29] (2018-12-17)
Bugzilla: CVE-2018-1002101 kubernetes: Improper input validation while setting up volume mounts on Windows nodes allows for command injection (2018-12-17)
Bugzilla: CVE-2018-1002101 kubernetes: Improper input validation while setting up volume mounts on Windows nodes allows for command injection [fedora-all] (2018-12-17)
Bugzilla: CVE-2018-1002101 kubernetes:1.1/kubernetes: Improper input validation while setting up volume mounts on Windows nodes allows for command injection [fedora-29] (2018-12-17)
Bugzilla: CVE-2018-1002101 origin: kubernetes: Improper input validation while setting up volume mounts on Windows nodes allows for command injection [fedora-all] (2018-12-17)