CVE-2018-1002102 — Open Redirect in Kubernetes
Severity
2.6 LOW (NVD)
EPSS
0.2%
top 57.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 5
Latest update: Sep 9
Description
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Exploitability: 1.0 | Impact: 1.4
Affected Packages: 4 packages
Also affects: Fedora 31
🔴 Vulnerability Details (1)
OSV
CVE-2018-1002102: Improper validation of URL redirection in the Kubernetes API server in versions prior to v1 (2019-12-05)
📋 Vendor Advisories (2)
Red Hat
kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints (2019-12-03)
Debian
CVE-2018-1002102: kubernetes - Improper validation of URL redirection in the Kubernetes API server in versions ... (2018)
🕵️ Threat Intelligence (2)
💬 Community (3)
Bugzilla
CVE-2018-1002102 kubernetes:1.10/kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming en (2019-12-17)
Bugzilla
CVE-2018-1002102 kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints (2019-12-17)
Bugzilla
CVE-2018-1002102 kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints [fedora- (2019-12-17)