CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections
Affected Cloud Foundry Products and Versions
- CFCR Release
- All versions prior to v0.25.0
With a specially crafted request, users are able to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.
Users of affected versions should apply the following mitigations or upgrades:
- CFCR release version v0.25.0
2018-12-05: Initial vulnerability report published.