CVE-2018-1002103 — HIGH (8.1)

Q: How severe is CVE-2018-1002103?

CVE-2018-1002103 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1002103?

Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Minikube.

Vulnerability Description

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Kubernetes	Minikube	>= 0.3.0, <= 0.29.0

Related Weaknesses (CWE)

CWE-352

References

https://github.com/kubernetes/minikube/issues/3208Issue TrackingMitigationThird Party Advisory
https://github.com/kubernetes/minikube/issues/3208Issue TrackingMitigationThird Party Advisory

FAQ

What is CVE-2018-1002103?

CVE-2018-1002103 is a vulnerability with a CVSS score of 8.1 (HIGH). In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebindin...

How severe is CVE-2018-1002103?

CVE-2018-1002103 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1002103?

Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Minikube.