Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-2475

UNKNOWN
Published 2018-10-09T13:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-2475. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

SAP

project “Gardener”

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-g482-4r7c-68g6

Advisory Details

Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-2475
WEB https://groups.google.com/forum/#!topic/gardener/OjfKEe1LwXo
WEB https://launchpad.support.sap.com/#/notes/2699726
WEB https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
WEB http://www.securityfocus.com/bid/105579

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
https://groups.google.com/forum/#%21topic/gardener/OjfKEe1LwXo
http://www.securityfocus.com/bid/105579
https://launchpad.support.sap.com/#/notes/2699726
Published: 2018-10-09T13:00:00
Last Modified: 2024-08-05T04:21:33.648Z
Copied to clipboard!