Moderate severity · NVD Advisory · Published Dec 5, 2018 · Updated Aug 5, 2024
CVE-2018-1002101
Description
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
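The injection pattern described above, next to the environment-variable approach the fix commit takes, as an added Go example (not code from the Kubernetes project). The names `smbScript`, `legacyScript`, `hardenedCmd` and `scriptCarriesInput` are hypothetical, the sample values are constructed, and the command is only built, never executed.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// smbScript is a constant: caller input never becomes PowerShell source text.
const smbScript = `$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force` +
	`;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord` +
	`;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential`

// legacyScript reproduces the pre-fix pattern: values are formatted straight
// into the script, so quotes and semicolons in them change what is parsed.
func legacyScript(user, password, source string) string {
	return fmt.Sprintf(`$User = "%s";$PWord = ConvertTo-SecureString -String "%s" -AsPlainText -Force;`+
		`$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord`+
		`;New-SmbGlobalMapping -RemotePath %s -Credential $Credential`, user, password, source)
}

// hardenedCmd (hypothetical helper) passes the values as environment
// variables of the child process. It only constructs the exec.Cmd.
func hardenedCmd(baseEnv []string, user, password, source string) *exec.Cmd {
	cmd := exec.Command("powershell", "/c", smbScript)
	cmd.Env = append(append([]string{}, baseEnv...),
		"smbuser="+user, "smbpassword="+password, "smbremotepath="+source)
	return cmd
}

// scriptCarriesInput is a regression heuristic: it reports whether any
// caller-supplied value appears verbatim in the script text.
func scriptCarriesInput(script string, values ...string) bool {
	for _, v := range values {
		if v != "" && strings.Contains(script, v) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values; the user field carries PowerShell metacharacters.
	user, pass, src := `acct"; Write-Output INJECTED; "`, "s3cret", `\\host\share`
	fmt.Println("legacy script carries input:", scriptCarriesInput(legacyScript(user, pass, src), user, pass, src))
	cmd := hardenedCmd(nil, user, pass, src)
	fmt.Println("hardened script carries input:", scriptCarriesInput(cmd.Args[2], user, pass, src))
}
```

A unit test built on `scriptCarriesInput` catches a later edit that reintroduces a format verb into the script string.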
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes (Go) | >= 1.9.0, < 1.9.10 | 1.9.10 |
| k8s.io/kubernetes (Go) | >= 1.10.0, < 1.10.6 | 1.10.6 |
| k8s.io/kubernetes (Go) | >= 1.11.0, < 1.11.2 | 1.11.2 |
Affected products
- Range: unspecified
Patches
d65039c56ce4 Merge pull request #65751 from andyzhangx/mount-windows-fix
1 file changed · +12 −6
pkg/util/mount/mount_windows.go+12 −6 modified@@ -83,14 +83,20 @@ func (mounter *Mounter) Mount(source string, target string, fstype string, optio return fmt.Errorf("azureMount: only cifs mount is supported now, fstype: %q, mounting source (%q), target (%q), with options (%q)", fstype, source, target, options) } - cmdLine := fmt.Sprintf(`$User = "%s";$PWord = ConvertTo-SecureString -String "%s" -AsPlainText -Force;`+ - `$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord`, - options[0], options[1]) - bindSource = source - cmdLine += fmt.Sprintf(";New-SmbGlobalMapping -RemotePath %s -Credential $Credential", source) - if output, err := exec.Command("powershell", "/c", cmdLine).CombinedOutput(); err != nil { + // use PowerShell Environment Variables to store user input string to prevent command line injection + // https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-5.1 + cmdLine := fmt.Sprintf(`$PWord = ConvertTo-SecureString -String $Env:smbpassword -AsPlainText -Force` + + `;$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Env:smbuser, $PWord` + + `;New-SmbGlobalMapping -RemotePath $Env:smbremotepath -Credential $Credential`) + + cmd := exec.Command("powershell", "/c", cmdLine) + cmd.Env = append(os.Environ(), + fmt.Sprintf("smbuser=%s", options[0]), + fmt.Sprintf("smbpassword=%s", options[1]), + fmt.Sprintf("smbremotepath=%s", source)) + if output, err := cmd.CombinedOutput(); err != nil { return fmt.Errorf("azureMount: SmbGlobalMapping failed: %v, only SMB mount is supported now, output: %q", err, string(output)) } }
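Review bot: In the added cmdLine assignment, fmt.Sprintf wraps a string that has no format verbs and no arguments, so the call does nothing; keeping a formatting call around the script also makes it easy for a later edit to put a %s back and reintroduce the injection this change removes. Assign the script as a plain string constant instead. Separately, options[0] and options[1] are indexed when building cmd.Env with no length check visible in this hunk; if the caller does not guarantee two entries, add a guard before this point. The change touches one file and carries no test, so a unit test asserting that the script text is identical for inputs containing quotes and semicolons would protect the fix.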
References
- github.com/advisories/GHSA-wqwf-x5cj-rg56 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-1002101 (ghsa; ADVISORY)
- www.securityfocus.com/bid/106238 (ghsa; vdb-entry; x_refsource_BID; WEB)
- github.com/kubernetes/kubernetes/commit/d65039c56ce4de5f2efdc38aa1284eeb95f89169 (ghsa; WEB)
- github.com/kubernetes/kubernetes/issues/65750 (ghsa; x_refsource_CONFIRM; WEB)
- github.com/kubernetes/kubernetes/pull/65751 (ghsa; WEB)
- security.netapp.com/advisory/ntap-20190416-0008 (ghsa; WEB)
- security.netapp.com/advisory/ntap-20190416-0008/ (mitre; x_refsource_CONFIRM)