CVE-2018-1002102

Name of the Vulnerable Software and Affected Versions Kubernetes versions prior to v1.14.0

Description The issue arises from improper validation of URL redirection in the Kubernetes API server, allowing an attacker-controlled Kubelet to redirect API server requests to arbitrary hosts. This can lead to API servers following the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

Recommendations For versions prior to v1.14.0, update to version v1.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to streaming endpoints to minimize the risk of exploitation.