Kubernetes API Server Side Request Forgery Security Bypass Vulnerability
| Bugtraq ID: | 106780 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2019 12:00AM |
| Updated: | Jan 08 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Pivotal Container Service (PKS) 1.2.4; Pivotal Container Service (PKS) 1.2; Pivotal Cloud Foundry Container Runtime (CFCR) 0.25; Pivotal Cloud Foundry Container Runtime (CFCR) 0.10; Pivotal Cloud Foundry Container Runtime (CFCR) 0.7; Kubernetes Kubernetes 1.12.3; Kubernetes Kubernetes 1.12.2; Kubernetes Kubernetes 1.12.1; Kubernetes Kubernetes 1.12; Kubernetes Kubernetes 1.11.5; Kubernetes Kubernetes 1.11.4; Kubernetes Kubernetes 1.11.3; Kubernetes Kubernetes 1.11.2; Kubernetes Kubernetes 1.11.1; Kubernetes Kubernetes 1.11 |
| Not Vulnerable: | Pivotal Container Service (PKS) 1.2.5; Pivotal Cloud Foundry Container Runtime (CFCR) 0.26; Kubernetes Kubernetes 1.12.4; Kubernetes Kubernetes 1.11.6 |
Discussion
Kubernetes API is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Kubernetes API versions 1.11.0 through 1.11.5 and 1.12.0 through 1.12.3 are vulnerable.