cvedb.io
CVE-2018-1002103
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2018-12-05T21:29:00.357 · Last modified 2026-06-17T01:33:20.423

Summary

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

Affected products

kubernetes — minikube

Does this affect you?

Add your gear to cvedb and we'll alert you only when kubernetes ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.