Kubernetes Dashboard Vulnerability in Minikube by Kubernetes
CVE-2018-1002103
8.1HIGH
What is CVE-2018-1002103?
Minikube versions 0.3.0 to 0.29.0 exhibit a vulnerability where the Kubernetes Dashboard is exposed on the VM's IP address at port 30000. In environments where the VM's IP can be easily predicted, attackers may exploit this exposure using DNS rebinding techniques to indirectly access the dashboard. This can lead to unauthorized creation of Kubernetes Deployments that run arbitrary code. Additionally, if the Minikube mount feature is utilized, attackers could potentially gain direct access to the host filesystem.
Affected Version(s)
Minikube v0.3.0
Minikube < unspecified