Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1002105Authentication Bypass by Primary Weakness in Kubernetes

CWE-388CWE-305Authentication Bypass by Primary WeaknessCWE-269Improper Privilege Management19 documents11 sources
Severity
9.8CRITICALNVD
EPSS
90.7%
top 0.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
KubernetesGithub.com Kubernetes KubernetesRedhat Openshift Container Platform
Timeline
PublishedDec 5
Latest updateAug 21

Description

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5kubernetes/kubernetesunspecifiedv1.10.11+12
Gogithub.com/kubernetes_kubernetes1.11.01.11.5+2
Debiankubernetes/kubernetes< 1.17.4-1+3
NVDkubernetes/kubernetes1.0.01.9.11+4

Also affects: Openshift Container Platform 3.10, 3.11, 3.2, 3.3, 3.4, 3.5, 3.6, 3.8

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
Privilege Escalation in Kubernetes in github.com/kubernetes/kubernetes2024-08-21
OSV
Privilege Escalation in Kubernetes2022-02-15
GHSA
Privilege Escalation in Kubernetes2022-02-15
OSV
CVE-2018-1002105: In all Kubernetes versions prior to v12018-12-05
CVEList
CVE-2018-1002105: In all Kubernetes versions prior to v12018-12-05

💥Exploits & PoCs

2
Exploit-DB
Kubernetes - (Authenticated) Arbitrary Requests2018-12-10
Exploit-DB
Kubernetes - (Unauthenticated) Arbitrary Requests2018-12-10

📋Vendor Advisories

2
Red Hat
kubernetes: authentication/authorization bypass in the handling of non-101 responses2018-12-03
Debian
CVE-2018-1002105: kubernetes - In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect ha...2018

🕵️Threat Intelligence

5
Trailofbits
Finding unhandled errors using CodeQL2022-01-11
Trailofbits
Finding unhandled errors using CodeQL2022-01-11
Unit42
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)2018-12-09
Unit42
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)2018-12-09
Tenable
Kubernetes Privilege Escalation Vulnerability Publicly Disclosed (CVE-2018-1002105)2018-12-04

💬Community

3
Bugzilla
CVE-2018-1002105 origin: kubernetes: authentication/authorization bypass in the handling of non-101 responses [fedora-all]2018-12-05
Bugzilla
CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses [fedora-all]2018-12-03
Bugzilla
CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses2018-11-08
CVE-2018-1002105 — Kubernetes vulnerability | cvebase