Bug 1648138 (CVE-2018-1002105)
| Summary: | CVE-2018-1002105 kubernetes: authentication/authorization bypass in the handling of non-101 responses | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | CC: | abhgupta, admiller, ahardin, bleanhar, bmontgom, ccoleman, chuyu, cperry, dbaker, deads, dedgar, dominik.mierzejewski, eparis, erich, gmollett, ichavero, jbrooks, jburrell, jcajka, jchaloup, jgoulding, jokerman, jpriddy, jshepherd, mchappel, nhorman, nstielau, scheng, security-response-team, skontar, sponnaga, sthangav, strigazi, sttts, tdawson, trankin, tstclair, vbatts, wsun |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kubernetes 1.10.11, kubernetes 1.11.5, kubernetes 1.12.3, kubernetes 1.13.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-03-05 04:35:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1651073, 1648171, 1648172, 1648173, 1648174, 1648175, 1648176, 1648177, 1648178, 1648179, 1648180, 1648181, 1648731, 1655686, 1656650 | ||
| Bug Blocks: | 1648143, 1652502, 1652503, 1652504, 1652505, 1670468 | ||
|
Description
Laura Pardo
2018-11-08 22:10:11 UTC
Mitigation: See the vulnerability article for mitigation procedures. Upstream commit https://github.com/kubernetes/apimachinery/commit/b5d13f078af116d09ad9c323357497a0e9f623fc Created kubernetes tracking bugs for this issue: Affects: fedora-all [bug 1655686] This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.2 Via RHSA-2018:3742 https://access.redhat.com/errata/RHSA-2018:3742 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2018:3537 https://access.redhat.com/errata/RHSA-2018:3537 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.3 Via RHSA-2018:3754 https://access.redhat.com/errata/RHSA-2018:3754 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.4 Via RHSA-2018:3752 https://access.redhat.com/errata/RHSA-2018:3752 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.10 Via RHSA-2018:3549 https://access.redhat.com/errata/RHSA-2018:3549 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.6 Via RHSA-2018:3598 https://access.redhat.com/errata/RHSA-2018:3598 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.9 Via RHSA-2018:2908 https://access.redhat.com/errata/RHSA-2018:2908 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.8 Via RHSA-2018:3551 https://access.redhat.com/errata/RHSA-2018:3551 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.9 Via RHSA-2018:2908 https://access.redhat.com/errata/RHSA-2018:2908 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.8 Via RHSA-2018:3551 https://access.redhat.com/errata/RHSA-2018:3551 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.5 Via RHSA-2018:3624 https://access.redhat.com/errata/RHSA-2018:3624 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.7 Via RHSA-2018:2906 https://access.redhat.com/errata/RHSA-2018:2906 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.9 Via RHSA-2018:2908 https://access.redhat.com/errata/RHSA-2018:2908 Acknowledgments: Name: the Kubernetes Product Security Team Upstream: Darren Shepherd Statement: In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘service catalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. External References: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 https://access.redhat.com/security/vulnerabilities/3716411 Created origin tracking bugs for this issue: Affects: fedora-all [bug 1656650] |