CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 1CVE-2019-1002101 – kubectl cp path traversal
https://notcve.org/view.php?id=CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. • https://github.com/brompwnie/CVE-2019-1002101-Helpers http://www.openwall.com/lists/oss-security/2019/06/21/1 http://www.openwall.com/lists/oss-security/2019/08/05/5 http://www.securityfocus.com/bid/107652 https://access.redhat.com/errata/RHBA-2019:0619 https://access.redhat.com/errata/RHBA-2019:0620 https://access.redhat.com/errata/RHBA-2019:0636 https://access.redhat.com/security/cve/cve-2019-1002101 https://github.com/kubernetes/kubernetes/pull/75037 https:/&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-1002100 – kube-apiserver: DoS with crafted patch of type json-patch
https://notcve.org/view.php?id=CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. En todas las versiones de Kubernetes anteriores a las v1.11.8, v1.12.6 y v1.13.4, los usuarios autorizados para realizar peticiones de parche en el servidor API de Kubernetes pueden enviar parches "json-patch" (p.ej., `kubectl patch --type json` o `"Content-Type: application/json-patch+json"`) especialmente manipulados que consumen recursos excesivos durante el procesamiento, conduciendo a una denegación de servicio (DoS) en el servidor API A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service. • http://www.securityfocus.com/bid/107290 https://access.redhat.com/errata/RHSA-2019:1851 https://access.redhat.com/errata/RHSA-2019:3239 https://github.com/kubernetes/kubernetes/issues/74534 https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g https://security.netapp.com/advisory/ntap-20190416-0002 https://access.redhat.com/security/cve/CVE-2019-1002100 https://bugzilla.redhat.com/show_bug.cgi?id=1683190 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 92%CPEs: 1EXPL: 1CVE-2018-18264
https://notcve.org/view.php?id=CVE-2018-18264
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. Las versiones de Kubernetes Dashboard anteriores a la 1.10.1 permitían a los atacantes omitir la autenticación y usar la cuenta de servicio del dashboard para leer secretos dentro del clúster. • http://www.securityfocus.com/bid/106493 https://github.com/kubernetes/dashboard/pull/3289 https://github.com/kubernetes/dashboard/pull/3400 https://github.com/kubernetes/dashboard/releases/tag/v1.10.1 https://groups.google.com/forum/#%21topic/kubernetes-announce/yBrFf5nmvfI https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1002103
https://notcve.org/view.php?id=CVE-2018-1002103
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. En Minikube 0.3.0-0.29.0, minikube expone el Dashboard de Kubernetes escuchando en la IP VM en el puerto 30000. En los entornos VM en los que la IP es fácil de predecir, el atacante puede emplear el reenlace de DNS para realizar peticiones de forma indirecta al Dashboard de Kubernetes y crear una nueva implementación de Kubernetes que ejecute código arbitrario. • https://github.com/kubernetes/minikube/issues/3208 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1002101
https://notcve.org/view.php?id=CVE-2018-1002101
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. En Kubernetes, en versiones 1.9.0-1.9.9, 1.10.0-1.10.5 y 1.11.0-1.11.1, las entradas de usuario se manejaron de forma incorrecta al configurar puntos de montaje de volúmenes en nodos de Windows, lo que podría conducir a una inyección de argumentos de la línea de comandos. • http://www.securityfocus.com/bid/106238 https://github.com/kubernetes/kubernetes/issues/65750 https://security.netapp.com/advisory/ntap-20190416-0008 •