{"id":"CVE-2018-1002105","details":"In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.","aliases":["GHSA-579h-mv94-g4gp","GO-2022-0792"],"modified":"2026-04-09T05:59:28.337856Z","published":"2018-12-05T21:29:00.403Z","related":["CGA-pr5q-v7cv-4h5g","openSUSE-SU-2020:0554-1","openSUSE-SU-2024:10901-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/07/06/4"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/06/28/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/07/06/3"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106068"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3549"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0001/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3551"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3742"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3752"},{"type":"ADVISORY","url":"https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3537"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3598"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3624"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3754"},{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/issues/71411"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46053/"},{"type":"EVIDENCE","url":"https://github.com/evict/poc_CVE-2018-1002105"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46052/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"cd821444dcf3e1e237b5f3579721440624c9c4fa"},{"last_affected":"1bfeeb6f212135a22dc787b73e1980e5bccef13d"},{"introduced":"fc32d2f3698e36b93322a3465f63a14e9f0eaead"},{"last_affected":"be1a908c6aa47e0ae1b1dc861a1de6ccfe963aa2"},{"introduced":"91e7b4fd31fcd3d5f436da26c980becec37ceefe"},{"last_affected":"bf9a868e8ea3d3a8fa53cbb22f566771b3f8068b"},{"introduced":"0ed33881dc4355495f623c6f22e7dd0b7632b7c0"},{"last_affected":"17c77c7898218073f14c8d573582e8d2313dc740"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"last_affected":"1.9.11"},{"introduced":"1.10.0"},{"last_affected":"1.10.10"},{"introduced":"1.11.0"},{"last_affected":"1.11.4"},{"introduced":"1.12.0"},{"last_affected":"1.12.2"}]}}],"versions":["v1.10.0","v1.10.1","v1.10.1-beta.0","v1.10.10","v1.10.10-beta.0","v1.10.2","v1.10.2-beta.0","v1.10.3","v1.10.3-beta.0","v1.10.4","v1.10.4-beta.0","v1.10.5","v1.10.5-beta.0","v1.10.6","v1.10.6-beta.0","v1.10.7","v1.10.7-beta.0","v1.10.8","v1.10.8-beta.0","v1.10.9","v1.10.9-beta.0","v1.11.0","v1.11.1","v1.11.1-beta.0","v1.11.2","v1.11.2-beta.0","v1.11.3","v1.11.3-beta.0","v1.11.4","v1.11.4-beta.0","v1.12.0","v1.12.1","v1.12.1-beta.0","v1.12.2","v1.12.2-beta.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1002105.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.9.12-beta0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"3.6"}]},{"events":[{"introduced":"0"},{"last_affected":"3.8"}]},{"events":[{"introduced":"0"},{"last_affected":"3.10"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}