Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections

by: December 5, 2018

CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections

Severity

Critical

Vendor

Kubernetes

Affected Cloud Foundry Products and Versions

  • CFCR Release
    • All versions prior to v0.25.0

Description

With a specially crafted request, users are able to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

    • CFCR release version v0.25.0

References

History

2018-12-05: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-4969-1: DHCP vulnerability
Security Advisory

USN-4969-1: DHCP vulnerability

by Cloud Foundry Foundation Security Team June 11, 2021
USN-3346-1: bind9 vulnerabilities
Security Advisory

USN-3346-1: bind9 vulnerabilities

by Cloud Foundry Foundation Security Team August 4, 2017
USN-3931-2: Linux kernel (HWE) vulnerabilities
Security Advisory

USN-3931-2: Linux kernel (HWE) vulnerabilities

by Cloud Foundry Foundation Security Team April 12, 2019
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept