CVE-2018-1002103 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1002103 Interim 1 4 2025-02-17T02:26:32Z current 2021-09-30T01:06:17Z 2025-02-17T02:26:32Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1002103 In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed docker-machine-driver-kvm2-1.23.0-1.2 minikube-1.23.0-1.2 minikube-bash-completion-1.23.0-1.2 docker-machine-driver-kvm2-1.23.0-1.2 as a component of openSUSE Tumbleweed minikube-1.23.0-1.2 as a component of openSUSE Tumbleweed minikube-bash-completion-1.23.0-1.2 as a component of openSUSE Tumbleweed In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. CVE-2018-1002103 openSUSE Tumbleweed:docker-machine-driver-kvm2-1.23.0-1.2 openSUSE Tumbleweed:minikube-1.23.0-1.2 openSUSE Tumbleweed:minikube-bash-completion-1.23.0-1.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H