CVE-2018-1002102: URL Redirection to Untrusted Site (Open Redirect)

December 5, 2019 (updated January 16, 2020)

Improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

References

github.com/kubernetes/kubernetes/issues/85867
nvd.nist.gov/vuln/detail/CVE-2018-1002102

Detect and mitigate CVE-2018-1002102 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →