High severity8.1NVD Advisory· Published Dec 5, 2018· Updated Jun 17, 2026
CVE-2018-1002103
CVE-2018-1002103
Description
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/minikubeGo | >= 0.3.0, <= 0.29.0 | — |
Affected products
2- Kubernetes/Minikubev5Range: v0.3.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-6pcv-qqx4-mxm3ghsaADVISORY
- github.com/kubernetes/minikube/issues/3208nvdIssue TrackingMitigationThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1002103ghsaADVISORY
News mentions
0No linked articles in our index yet.