CVE-2018-1002105

Exp

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Published: 2018-12-05 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2018-1002105 is rated High Exploit Risk (89/100): CVSS Critical severity, with high exploitation likelihood (EPSS 90.10%, 100th percentile). 5 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2018-1002105

EDB-ID Source Kind Published Link
46052 exploit_db edb 2018-12-10 Exploit-DB ↗
46053 exploit_db edb 2018-12-10 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2018-1002105

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-05 90.19% 90.10% -0.09%
2 2026-05-25 89.70% 90.19% +0.49%
3 2026-05-23 89.70%

Full EPSS history (81 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2018-1002105

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.8 3.0 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 5.9 [email protected]
9.8 3.0 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 5.9 [email protected]
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2018-1002105

GitHub Security Advisory for CVE-2018-1002105

GHSA-579h-mv94-g4gp · Severity: critical · Ecosystem: go — Privilege Escalation in Kubernetes

OS Trackers for CVE-2018-1002105

vendor priority summary link
debian not yet assigned CVE-2018-1002105 not yet assigned priority: Debian including 1 source packages (kubernetes), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2018-1002105
redhat critical https://access.redhat.com/security/cve/CVE-2018-1002105
suse critical CVE-2018-1002105 severity critical: SUSE including 43 source package names (caasp-container-manifests-3.0.0+git_r291_33f7b2d-3.6.3, cri-o-1.10.6-4.8.5, …), 43 product×package rows across 4 product lines (SUSE CaaS Platform 3.0, SUSE Linux Enterprise Module for Public Cloud 12, openSUSE Leap 15.1, openSUSE Tumbleweed): Fixed 41, Known Not Affected 2. https://www.suse.com/security/cve/CVE-2018-1002105/
ubuntu medium CVE-2018-1002105 medium priority: Ubuntu including 1 source packages (kubernetes), 18 status rows across 18 suites (bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, trusty, upstream, xenial): ignored 10, DNE 4, not-affected 3, needs-triage 1. https://ubuntu.com/security/CVE-2018-1002105

Affected software / configurations for CVE-2018-1002105

Vendor Product Version Raw CPE
kubernetes kubernetes >= 1.0.0, <= 1.9.11 cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
kubernetes kubernetes >= 1.10.0, <= 1.10.10 cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
kubernetes kubernetes >= 1.11.0, <= 1.11.4 cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
kubernetes kubernetes >= 1.12.0, <= 1.12.2 cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
kubernetes kubernetes 1.9.12 cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*
redhat openshift_container_platform 3.2 cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*
redhat openshift_container_platform 3.3 cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*
redhat openshift_container_platform 3.4 cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*
redhat openshift_container_platform 3.5 cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*
redhat openshift_container_platform 3.6 cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*
redhat openshift_container_platform 3.8 cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*
redhat openshift_container_platform 3.10 cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
redhat openshift_container_platform 3.11 cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
netapp trident cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

References for CVE-2018-1002105

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.securityfocus.com/bid/106068 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3537 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3549 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3551 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3598 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3624 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3742 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3752 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3754 Third Party Advisory
https://github.com/evict/poc_CVE-2018-1002105 Exploit Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/71411 Issue Tracking Mitigation Patch Third Party Advisory
https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88
https://security.netapp.com/advisory/ntap-20190416-0001/ Third Party Advisory
https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do Mitigation Third Party Advisory
https://www.exploit-db.com/exploits/46052/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/46053/ Exploit Third Party Advisory VDB Entry
cvelogic Threat Intelligence