RSS   Vulnerabilities for 'Minikube'   RSS

2018-12-05
 
CVE-2018-1002103

CWE-352
 

 
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

 

 >>> Vendor: Kubernetes 12 Products
JAVA
Kubernetes
Minikube
Kube-state-metrics
Cri-o
External-provisioner
External-resizer
External-snapshotter
Nginx ingress controller
Ingress-nginx
Secrets store csi driver
Aws-iam-authenticator


Copyright 2024, cxsecurity.com

 

Back to Top