| |
Vulnerability CVE-2018-1002102
Published: 2019-12-05
| Description: |
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet. |
Type:
CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))
CVSS2 => (AV:N/AC:H/Au:S/C:P/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.6/10 |
4.9/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
High |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
None |
References: |
https://github.com/kubernetes/kubernetes/issues/85867
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
