CVE-2018-1002105

EPSS 90.77% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-1002105

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Google Kubernetes 权限许可和访问控制漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Google Kubernetes是美国Google公司的一套开源的Docker容器集群管理系统。该系统为容器化的应用提供资源调度、部署运行、服务发现和扩容缩容等功能。 Google Kubernetes 1.10.11之前版本、1.11.5之前版本和1.12.3之前版本中存在提权漏洞，该漏洞源于程序没有正确的处理错误响应。攻击者可通过发送特制的请求利用该漏洞部署恶意代码或修改现有服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Kubernetes	Kubernetes	v1.0.x	-

II. Public POCs for CVE-2018-1002105

#	POC Description	Source Link	Shenlong Link
1	Test utility for cve-2018-1002105	https://github.com/gravitational/cve-2018-1002105	POC Details
2	PoC for CVE-2018-1002105.	https://github.com/evict/poc_CVE-2018-1002105	POC Details
3	个人整理的Centos7.x + Kubernetes-1.12.3 + Dashboard-1.8.3 无 CVE-2018-1002105 漏洞的master节点全自动快速一键安装部署文件，适用于测试环境，生产环境的快速安装部署	https://github.com/imlzw/Kubernetes-1.12.3-all-auto-install	POC Details
4	PoC command injection example for cve-2018-1002105 based off https://github.com/gravitational/cve-2018-1002105	https://github.com/bgeesaman/cve-2018-1002105	POC Details
5	None	https://github.com/sh-ubh/CVE-2018-1002105	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-1002105

请登录查看更多情报信息。

🔗 https://github.com/evict/poc_CVE-2018-1002105x_refsource_MISC
🔗 https://security.netapp.com/advisory/ntap-20190416-0001/x_refsource_CONFIRM
🔗 https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Dox_refsource_MISC
🔗 https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88x_refsource_CONFIRM
🔗 https://github.com/kubernetes/kubernetes/issues/71411x_refsource_CONFIRM
🔗 https://www.exploit-db.com/exploits/46052/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/46053/exploitx_refsource_EXPLOIT-DB
🔗 http://www.securityfocus.com/bid/106068vdb-entryx_refsource_BID
🔗 https://access.redhat.com/errata/RHSA-2018:3742vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3551vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3598vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3549vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3537vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3624vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3754vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2018:3752vendor-advisoryx_refsource_REDHAT
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.htmlvendor-advisoryx_refsource_SUSE
🔗 http://www.openwall.com/lists/oss-security/2019/07/06/4mailing-listx_refsource_MLIST
🔗 http://www.openwall.com/lists/oss-security/2019/06/28/2mailing-listx_refsource_MLIST
🔗 http://www.openwall.com/lists/oss-security/2019/07/06/3mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2018-1002105

Same Patch Batch · Kubernetes · 2018-12-05 · 3 CVEs total

CVE-2018-1002101		Google Kubernetes 命令注入漏洞
CVE-2018-1002103		Minikube 跨站请求伪造漏洞

IV. Related Vulnerabilities

Same product: Kubernetes

Same vendor: Kubernetes

V. Comments for CVE-2018-1002105

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-1002105

I. Basic Information for CVE-2018-1002105

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2018-1002105

III. Intelligence Information for CVE-2018-1002105

Same Patch Batch · Kubernetes · 2018-12-05 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-1002105

Leave a comment