CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections


Severity

Critical

Vendor

Kubernetes

Description

With a specially crafted request, users are able to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.
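The following is an added example, not code from Kubernetes or Pivotal. It sketches the check a proxy needs so that a backend connection is handed to the client as a raw stream only when the backend has actually agreed to switch protocols. It assumes the crafted request is an HTTP connection-upgrade request, which this page does not specify; `decideUpgrade`, the `Decision` values and the sample replies are hypothetical and constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// Decision is what the proxy does with the client connection after reading
// the backend's reply to a connection-upgrade request.
type Decision string

const (
	Tunnel        Decision = "tunnel"          // stream raw bytes both ways
	RelayAndClose Decision = "relay-and-close" // forward the reply, then close both sides
)

// decideUpgrade (hypothetical helper) parses the backend's raw HTTP reply and
// permits raw tunnelling only for 101 Switching Protocols. Any other status,
// or an unparsable reply, must end the connection so that no backend socket
// authenticated with the proxy's credentials stays attached to the client.
func decideUpgrade(rawReply string) (Decision, int, error) {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(rawReply)), nil)
	if err != nil {
		return RelayAndClose, 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusSwitchingProtocols {
		return RelayAndClose, resp.StatusCode, nil
	}
	return Tunnel, resp.StatusCode, nil
}

func main() {
	// Constructed sample backend replies, not captured traffic.
	samples := []string{
		"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n",
		"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n",
		"not an http reply\r\n",
	}
	for _, s := range samples {
		d, code, err := decideUpgrade(s)
		fmt.Printf("status=%d decision=%s err=%v\n", code, d, err)
	}
}
```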

Affected Pivotal Products and Versions

Severity is critical unless otherwise noted.

  • Pivotal Container Service (PKS) versions prior to 1.2.3

Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal Container Service (PKS) version 1.2.3