Kubernetes API Server CVE-2018-1002105 Remote Privilege Escalation Vulnerability
BID:106068
| Bugtraq ID: | 106068 |
| Class: | Access Validation Error |
| CVE: | CVE-2018-1002105 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 04 2018 12:00AM |
| Updated: | Dec 04 2018 12:00AM |
| Credit: | Darren Shepherd |
| Vulnerable: | Kubernetes 1.12.2; Kubernetes 1.12.1; Kubernetes 1.12; Kubernetes 1.11.4; Kubernetes 1.11.3; Kubernetes 1.11.2; Kubernetes 1.11.1; Kubernetes 1.11; Kubernetes 1.10.10; Kubernetes 1.10.9; Kubernetes 1.10.8; Kubernetes 1.10.7; Kubernetes 1.10.6; Kubernetes 1.10.5; Kubernetes 1.10.4; Kubernetes 1.10.3; Kubernetes 1.10.2; Kubernetes 1.10.1; Kubernetes 1.10; Kubernetes 1.9; Kubernetes 1.0 |
| Not Vulnerable: | Kubernetes 1.12.3; Kubernetes 1.11.5; Kubernetes 1.10.11 |
Discussion
Kubernetes API Server is prone to a remote privilege-escalation vulnerability.
An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions.
The following products are affected:
- Kubernetes 1.0.x through 1.9.x
- Kubernetes 1.10.0 through 1.10.10
- Kubernetes 1.11.0 through 1.11.4
- Kubernetes 1.12.0 through 1.12.2
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable (kubernetes)
- Kubernetes Homepage (kubernetes)
- Kubernetes security flaw (CVE-2018-1002105) (elastisys.com)