Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-3m8h-88sb-f7hk
Summary
Privilege Escalation in Kubernetes
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
Aliases
0
alias CVE-2018-1002105
1
alias GHSA-579h-mv94-g4gp
Fixed_packages
0
url pkg:deb/debian/kubernetes@1.17.4-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.17.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.17.4-1%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
4
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
5
url pkg:golang/github.com/kubernetes/kubernetes@1.10.11
purl pkg:golang/github.com/kubernetes/kubernetes@1.10.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/kubernetes/kubernetes@1.10.11
6
url pkg:golang/github.com/kubernetes/kubernetes@1.11.5
purl pkg:golang/github.com/kubernetes/kubernetes@1.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/kubernetes/kubernetes@1.11.5
7
url pkg:golang/github.com/kubernetes/kubernetes@1.12.3
purl pkg:golang/github.com/kubernetes/kubernetes@1.12.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/kubernetes/kubernetes@1.12.3
Affected_packages
0
url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.72-1.git.1450.7d3f435?arch=el7
purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.72-1.git.1450.7d3f435?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.72-1.git.1450.7d3f435%3Farch=el7
1
url pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d%3Farch=el7
2
url pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e%3Farch=el7
3
url pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031%3Farch=el7
4
url pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780%3Farch=el7
5
url pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52%3Farch=el7
6
url pkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
1
vulnerability VCID-aqg1-k7hr-2fga
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd%3Farch=el7
7
url pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd%3Farch=el7
8
url pkg:rpm/redhat/atomic-openshift@3.9.51-1.git.0.dc3a40b?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.9.51-1.git.0.dc3a40b?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
1
vulnerability VCID-aqg1-k7hr-2fga
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.9.51-1.git.0.dc3a40b%3Farch=el7
9
url pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc%3Farch=el7
10
url pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05%3Farch=el7
11
url pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8?arch=el7
purl pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8%3Farch=el7
12
url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f?arch=el7
purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f%3Farch=el7
13
url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae?arch=el7
purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae%3Farch=el7
14
url pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438?arch=el7
purl pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438%3Farch=el7
15
url pkg:rpm/redhat/cockpit@160-3?arch=el7
purl pkg:rpm/redhat/cockpit@160-3?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
1
vulnerability VCID-ep8y-hq9y-afcu
2
vulnerability VCID-vtvy-ec7a-xua9
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@160-3%3Farch=el7
16
url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.72-1.git.1060.64daa26?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.72-1.git.1060.64daa26?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.72-1.git.1060.64daa26%3Farch=el7
17
url pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb%3Farch=el7
18
url pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526%3Farch=el7
19
url pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe%3Farch=el7
20
url pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b%3Farch=el7
21
url pkg:rpm/redhat/openshift-ansible@3.7.72-1.git.0.5c45a8a?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.7.72-1.git.0.5c45a8a?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.7.72-1.git.0.5c45a8a%3Farch=el7
22
url pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea%3Farch=el7
23
url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8?arch=el7
purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8%3Farch=el7
24
url pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725?arch=el7
purl pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725%3Farch=el7
25
url pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc?arch=el7
purl pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3m8h-88sb-f7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc%3Farch=el7
References
0
reference_url https://access.redhat.com/errata/RHSA-2018:3537
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3537
1
reference_url https://access.redhat.com/errata/RHSA-2018:3549
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3549
2
reference_url https://access.redhat.com/errata/RHSA-2018:3551
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3551
3
reference_url https://access.redhat.com/errata/RHSA-2018:3598
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3598
4
reference_url https://access.redhat.com/errata/RHSA-2018:3624
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3624
5
reference_url https://access.redhat.com/errata/RHSA-2018:3742
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3742
6
reference_url https://access.redhat.com/errata/RHSA-2018:3752
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3752
7
reference_url https://access.redhat.com/errata/RHSA-2018:3754
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3754
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1002105
reference_id
reference_type
scores
0
value 0.90349
scoring_system epss
scoring_elements 0.99605
published_at 2026-04-24T12:55:00Z
1
value 0.90698
scoring_system epss
scoring_elements 0.99622
published_at 2026-04-16T12:55:00Z
2
value 0.90698
scoring_system epss
scoring_elements 0.99619
published_at 2026-04-02T12:55:00Z
3
value 0.90698
scoring_system epss
scoring_elements 0.9962
published_at 2026-04-07T12:55:00Z
4
value 0.90698
scoring_system epss
scoring_elements 0.99621
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1002105
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/evict/poc_CVE-2018-1002105
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/evict/poc_CVE-2018-1002105
13
reference_url https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905
14
reference_url https://github.com/kubernetes/kubernetes/issues/71411
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/71411
15
reference_url https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
16
reference_url https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1002105
18
reference_url https://security.netapp.com/advisory/ntap-20190416-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190416-0001
19
reference_url https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
20
reference_url https://www.exploit-db.com/exploits/46052
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46052
21
reference_url https://www.exploit-db.com/exploits/46053
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46053
22
reference_url https://www.openwall.com/lists/oss-security/2019/06/28/2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/06/28/2
23
reference_url https://www.openwall.com/lists/oss-security/2019/07/06/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/07/06/3
24
reference_url https://www.openwall.com/lists/oss-security/2019/07/06/4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2019/07/06/4
25
reference_url https://www.securityfocus.com/bid/106068
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.securityfocus.com/bid/106068
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1648138
reference_id 1648138
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1648138
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
reference_id 915828
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828
28
reference_url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
29
reference_url https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py
30
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py
31
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
reference_id CVE-2018-1002105
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
1
cwe_id 305
name Authentication Bypass by Primary Weakness
description The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Exploits
0
date_added 2018-12-24
description Kubernetes - (Unauthenticated) Arbitrary Requests
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2018-12-10
exploit_type remote
platform multiple
source_date_updated 2018-12-24
data_source Exploit-DB
source_url https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py
Severity_range_score9.0 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-3m8h-88sb-f7hk