Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2019-12-05T16:05:18.042235Z

Updated: 2024-09-17T00:56:37.681Z

Reserved: 2018-12-05T00:00:00

Link: CVE-2018-1002102

Vulnrichment

No data.

NVD

Status: Modified

Published: 2019-12-05T16:15:10.427

Modified: 2023-11-07T02:51:15.137

Link: CVE-2018-1002102

Red Hat

Severity: Low

Public Date: 2019-12-03T00:00:00Z

Links: CVE-2018-1002102 - Bugzilla