CVE-2018-1002102
Published: 05 December 2019
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
Priority
CVSS 3 base score: 2.6
Status
Package | Release | Status |
---|---|---|
kubernetes Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
Author | Note |
---|---|
leosilva | kubernates is in fact a kubernetes installer that calls snap, not the package it self. |