Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/53094?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53094?format=api", "vulnerability_id": "VCID-3m8h-88sb-f7hk", "summary": "Privilege Escalation in Kubernetes\nIn all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.", "aliases": [ { "alias": "CVE-2018-1002105" }, { "alias": "GHSA-579h-mv94-g4gp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/926512?format=api", "purl": "pkg:deb/debian/kubernetes@1.17.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.17.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/926507?format=api", "purl": "pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42kp-8t9h-dfat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/926505?format=api", "purl": "pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/926509?format=api", "purl": "pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/926508?format=api", "purl": "pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/80752?format=api", "purl": "pkg:golang/github.com/kubernetes/kubernetes@1.10.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/kubernetes/kubernetes@1.10.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/80753?format=api", "purl": "pkg:golang/github.com/kubernetes/kubernetes@1.11.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/kubernetes/kubernetes@1.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/80754?format=api", "purl": "pkg:golang/github.com/kubernetes/kubernetes@1.12.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:golang/github.com/kubernetes/kubernetes@1.12.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/107128?format=api", "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.72-1.git.1450.7d3f435?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.72-1.git.1450.7d3f435%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107116?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.2.1.34-2.git.20.6367d5d%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107126?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.3.1.46.45-1.git.0.2ce596e%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107122?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.4.1.44.57-1.git.0.a631031%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107118?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.5.5.31.80-1.git.0.c4a0780%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107133?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.6.173.0.140-1.git.0.9686d52%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107119?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" }, { "vulnerability": "VCID-aqg1-k7hr-2fga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.7.72-1.git.0.925b9cd%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107115?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.8.44-1.git.0.9be0abd%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107124?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.9.51-1.git.0.dc3a40b?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" }, { "vulnerability": "VCID-aqg1-k7hr-2fga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.9.51-1.git.0.dc3a40b%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107111?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.10.72-1.git.0.3cb2fdc%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107120?format=api", "purl": "pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107125?format=api", "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.10.72-1.git.299.953c1c8%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107113?format=api", "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.72-1.git.390.186ec4f%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107112?format=api", "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.72-1.git.252.fa9e8ae%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107114?format=api", "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.10.72-1.git.395.d23c438%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107131?format=api", "purl": "pkg:rpm/redhat/cockpit@160-3?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" }, { "vulnerability": "VCID-ep8y-hq9y-afcu" }, { "vulnerability": "VCID-vtvy-ec7a-xua9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cockpit@160-3%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107129?format=api", "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.72-1.git.1060.64daa26?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.72-1.git.1060.64daa26%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107109?format=api", "purl": "pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.3.149-1.git.0.3859ddb%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107130?format=api", "purl": "pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.4.172-1.git.0.33fe526%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107117?format=api", "purl": "pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.5.175-1.git.0.1274ebe%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107132?format=api", "purl": "pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.6.173.0.140-1.git.0.0ccb19b%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107127?format=api", "purl": "pkg:rpm/redhat/openshift-ansible@3.7.72-1.git.0.5c45a8a?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.7.72-1.git.0.5c45a8a%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107108?format=api", "purl": "pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.10.73-1.git.0.8b65cea%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107121?format=api", "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.72-1.git.380.0fd53e8%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107110?format=api", "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.10.72-1.git.59.5358725%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/107123?format=api", "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3m8h-88sb-f7hk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-monitor-sample-app@3.10.72-1.git.5.de405bc%3Farch=el7" } ], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3537", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3549", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3551", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3624", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3742", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3752", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3754" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1002105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90349", "scoring_system": "epss", "scoring_elements": "0.99605", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.90349", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.90698", "scoring_system": "epss", "scoring_elements": "0.99621", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.90698", "scoring_system": "epss", "scoring_elements": "0.99619", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90698", "scoring_system": "epss", "scoring_elements": "0.9962", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90698", "scoring_system": "epss", "scoring_elements": "0.99622", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90771", "scoring_system": "epss", "scoring_elements": "0.99634", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.90771", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.90771", "scoring_system": "epss", "scoring_elements": "0.99631", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.90771", "scoring_system": "epss", "scoring_elements": "0.99633", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1002105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002105" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/evict/poc_CVE-2018-1002105", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/evict/poc_CVE-2018-1002105" }, { "reference_url": "https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kubernetes/kubernetes/commit/2257c1ecbe3c0cf71dd50b82752ae189c94ec905" }, { "reference_url": "https://github.com/kubernetes/kubernetes/issues/71411", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/kubernetes/kubernetes/issues/71411" }, { "reference_url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190416-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190416-0001" }, { "reference_url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do" }, { "reference_url": "https://www.exploit-db.com/exploits/46052", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46052" }, { "reference_url": "https://www.exploit-db.com/exploits/46053", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46053" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2019/06/28/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2019/07/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2019/07/06/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "reference_url": "https://www.securityfocus.com/bid/106068", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.securityfocus.com/bid/106068" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138", "reference_id": "1648138", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828", "reference_id": "915828", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915828" }, { "reference_url": "https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py", "reference_id": "CVE-2018-1002105", "reference_type": "exploit", "scores": [], "url": "https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py" }, { "reference_url": "https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py", "reference_id": "CVE-2018-1002105", "reference_type": "exploit", "scores": [], "url": "https://github.com/evict/poc_CVE-2018-1002105/blob/f704f2e593fbb686b4a5799dc13e8bfcec13f3c3/poc.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py", "reference_id": "CVE-2018-1002105", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46052.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py", "reference_id": "CVE-2018-1002105", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/46053.py" } ], "weaknesses": [ { "cwe_id": 269, "name": "Improper Privilege Management", "description": "The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor." }, { "cwe_id": 305, "name": "Authentication Bypass by Primary Weakness", "description": "The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error." } ], "exploits": [ { "date_added": "2018-12-24", "description": "Kubernetes - (Unauthenticated) Arbitrary Requests", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": false, "source_date_published": "2018-12-10", "exploit_type": "remote", "platform": "multiple", "source_date_updated": "2018-12-24", "data_source": "Exploit-DB", "source_url": "https://github.com/evict/poc_CVE-2018-1002105/blob/ed5da79aadad0049d11f89fcb9ed65f987a331a1/unauth_poc.py" } ], "severity_range_score": "9.0 - 10.0", "exploitability": "2.0", "weighted_severity": "9.0", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3m8h-88sb-f7hk" }