In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/kubernetes/minikube/issues/3208 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: kubernetes
Published: 2018-12-05T21:00:00Z
Updated: 2024-09-16T22:35:01.118Z
Reserved: 2018-12-05T00:00:00Z
Link: CVE-2018-1002103
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-12-05T21:29:00.357
Modified: 2024-11-21T03:40:38.700
Link: CVE-2018-1002103
Redhat
No data.