CVE-2018-2475
Last modified
CVE-2018-2475 is a vulnerability of currently unknown severity. Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. EPSS estimates a 1.35% chance of exploitation in the next 30 days.
Description
Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gardener | Gardener | < 0.12.4 |
References
- http://www.securityfocus.com/bid/105579Third Party Advisory, VDB Entry
- https://launchpad.support.sap.com/#/notes/2699726Permissions Required, Vendor Advisory
- http://www.securityfocus.com/bid/105579Third Party Advisory, VDB Entry
- https://launchpad.support.sap.com/#/notes/2699726Permissions Required, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-2475?
How severe is CVE-2018-2475?
How do I fix CVE-2018-2475?
Are you affected by CVE-2018-2475?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST