[minikube] Network Port exposure in minikube running on macOS using Docker driver
CVE-2023-1174

9.8CRITICAL

Key Information:

Vendor: Kubernetes
Status: Minikube
Vendor: CVE Published:; 24 May 2023

Summary

A vulnerability exists in Minikube when running on macOS with the Docker driver, which poses a risk of unexpected remote access to the Minikube container. This can potentially allow unauthorized individuals to access the network port exposed by the system, compromising container security and overall network integrity. Users of Minikube on macOS are advised to review their configurations and apply necessary updates to mitigate this security risk.

Affected Version(s)

minikube macOS 1.26.0

minikube macOS <= 1.28.0

References

https://groups.google.com/g/kubernetes-security-announce/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Mar 3, 2023