High Severity

IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server


IBM Cloud Kubernetes Service is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation.

CVE(s): CVE-2018-1002105

Affected product(s) and affected version(s):

IBM Cloud Kubernetes Service 1.12.0-1.12.2
IBM Cloud Kubernetes Service 1.11.0-1.11.4
IBM Cloud Kubernetes Service 1.10.0-1.10.10
IBM Cloud Kubernetes Service 1.5-1.9

Authenticated users on all affected versions can escalate their privileges to perform any API request using the kubelet API on nodes running pods where they have permissions to get, list or watch on these resources:

pods/attach
pods/exec
pods/portforward

This includes listing all pods on the node, running arbitrary commands inside those pods, and obtaining the command output from running arbitrary commands.

Unauthenticated users can gain full administrative access on any IBM Cloud Kubernetes cluster with aggregated API servers. All IBM Cloud Kubernetes Service clusters at version 1.12 deploy aggregated API servers. Clusters at version 1.11 and earlier are only affected if you have deployed your own aggregated API server.
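The authenticated-user condition above (get, list or watch on pods/attach, pods/exec or pods/portforward) can be checked offline against exported RBAC objects. The following is an added example, not code from the IBM bulletin; it assumes the input dicts mirror the items of `kubectl get clusterroles,roles -A -o json` and uses constructed sample roles rather than real cluster data.

```python
# Added example, not from the IBM bulletin: offline audit of RBAC rules for the
# precondition the bulletin names (get/list/watch on pods/attach, pods/exec or
# pods/portforward). Assumption: dicts mirror `kubectl get ... -o json` items.

RISKY_SUBRESOURCES = {"attach", "exec", "portforward"}
RISKY_VERBS = {"get", "list", "watch"}


def risky_subresources(rule):
    """Pods subresources this rule exposes through get/list/watch, following RBAC
    matching: '*' in apiGroups/verbs/resources is a wildcard; '*/<sub>' matches too."""
    groups = rule.get("apiGroups", [])
    if "" not in groups and "*" not in groups:  # pods live in the core ("") group
        return set()
    verbs = set(rule.get("verbs", []))
    if "*" not in verbs and not verbs & RISKY_VERBS:
        return set()
    found = set()
    for res in rule.get("resources", []):
        if res == "*":
            return set(RISKY_SUBRESOURCES)
        found |= {s for s in RISKY_SUBRESOURCES if res in (f"pods/{s}", f"*/{s}")}
    return found


def audit_roles(roles):
    """Return {role name: sorted risky subresources} for roles granting any."""
    report = {}
    for role in roles:
        exposed = set().union(*(risky_subresources(r) for r in role.get("rules", [])))
        if exposed:
            report[role["metadata"]["name"]] = sorted(exposed)
    return report


# Constructed sample roles (not real cluster data). "debugger" holds only
# "create" on exec/portforward, which the bulletin does not list, but "get"
# on pods/attach, which it does, so it is reported for attach alone.
SAMPLE_ROLES = [
    {"metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "debugger"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec", "pods/portforward"],
                "verbs": ["create"]},
               {"apiGroups": [""], "resources": ["pods/attach"], "verbs": ["get"]}]},
    {"metadata": {"name": "cluster-admin-like"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
```

Roles reported by `audit_roles` are the ones whose subjects (via RoleBindings or ClusterRoleBindings) fall under the bulletin's authenticated-user case on unpatched versions.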

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10743917
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153638
