CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API servers TLS credentials used to establish the backend connection.

Affected Software

Name	Vendor	Start Version	End Version
Kubernetes	Kubernetes	1.0.0 (including)	1.9.11 (including)
Kubernetes	Kubernetes	1.10.0 (including)	1.10.10 (including)
Kubernetes	Kubernetes	1.11.0 (including)	1.11.4 (including)
Kubernetes	Kubernetes	1.12.0 (including)	1.12.2 (including)
Kubernetes	Kubernetes	1.9.12-beta0 (including)	1.9.12-beta0 (including)
Red Hat OpenShift Container Platform 3.10	RedHat	atomic-enterprise-service-catalog-1:3.10.72-1.git.1450.7d3f435.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	atomic-openshift-0:3.10.72-1.git.0.3cb2fdc.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	atomic-openshift-descheduler-0:3.10.72-1.git.299.953c1c8.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	atomic-openshift-dockerregistry-0:3.10.72-1.git.390.186ec4f.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	atomic-openshift-node-problem-detector-0:3.10.72-1.git.252.fa9e8ae.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	atomic-openshift-web-console-0:3.10.72-1.git.395.d23c438.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	golang-github-prometheus-node_exporter-0:3.10.72-1.git.1060.64daa26.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	openshift-ansible-0:3.10.73-1.git.0.8b65cea.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	openshift-enterprise-cluster-capacity-0:3.10.72-1.git.380.0fd53e8.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	openshift-monitor-project-lifecycle-0:3.10.72-1.git.59.5358725.el7	*
Red Hat OpenShift Container Platform 3.10	RedHat	openshift-monitor-sample-app-0:3.10.72-1.git.5.de405bc.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	atomic-openshift-0:3.11.43-1.git.0.647ac05.el7	*
Red Hat OpenShift Container Platform 3.2	RedHat	atomic-openshift-0:3.2.1.34-2.git.20.6367d5d.el7	*
Red Hat OpenShift Container Platform 3.3	RedHat	atomic-openshift-0:3.3.1.46.45-1.git.0.2ce596e.el7	*
Red Hat OpenShift Container Platform 3.3	RedHat	openshift-ansible-0:3.3.149-1.git.0.3859ddb.el7	*
Red Hat OpenShift Container Platform 3.4	RedHat	atomic-openshift-0:3.4.1.44.57-1.git.0.a631031.el7	*
Red Hat OpenShift Container Platform 3.4	RedHat	openshift-ansible-0:3.4.172-1.git.0.33fe526.el7	*
Red Hat OpenShift Container Platform 3.5	RedHat	atomic-openshift-0:3.5.5.31.80-1.git.0.c4a0780.el7	*
Red Hat OpenShift Container Platform 3.5	RedHat	cockpit-0:160-3.el7	*
Red Hat OpenShift Container Platform 3.5	RedHat	openshift-ansible-0:3.5.175-1.git.0.1274ebe.el7	*
Red Hat OpenShift Container Platform 3.6	RedHat	atomic-openshift-0:3.6.173.0.140-1.git.0.9686d52.el7	*
Red Hat OpenShift Container Platform 3.6	RedHat	openshift-ansible-0:3.6.173.0.140-1.git.0.0ccb19b.el7	*
Red Hat OpenShift Container Platform 3.7	RedHat	atomic-openshift-0:3.7.72-1.git.0.925b9cd.el7	*
Red Hat OpenShift Container Platform 3.7	RedHat	openshift-ansible-0:3.7.72-1.git.0.5c45a8a.el7	*
Red Hat OpenShift Container Platform 3.8	RedHat	atomic-openshift-0:3.8.44-1.git.0.9be0abd.el7	*
Red Hat OpenShift Container Platform 3.9	RedHat	atomic-openshift-0:3.9.51-1.git.0.dc3a40b.el7	*
Kubernetes	Ubuntu	cosmic	*
Kubernetes	Ubuntu	disco	*
Kubernetes	Ubuntu	eoan	*
Kubernetes	Ubuntu	focal	*
Kubernetes	Ubuntu	groovy	*
Kubernetes	Ubuntu	hirsute	*
Kubernetes	Ubuntu	impish	*
Kubernetes	Ubuntu	kinetic	*
Kubernetes	Ubuntu	lunar	*
Kubernetes	Ubuntu	mantic	*
Kubernetes	Ubuntu	oracular	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
CWE	https://cwe.mitre.org/data/definitions/388.html

Affected Software

References