Moderate severityNVD Advisory· Published Jan 14, 2020· Updated Sep 16, 2024
CVE-2018-1002104
CVE-2018-1002104
Description
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/ingress-nginxGo | < 1.5 | 1.5 |
Affected products
17- osv-coords16 versionspkg:apk/chainguard/ingress-nginx-controllerpkg:apk/chainguard/ingress-nginx-controller-1.9pkg:apk/chainguard/ingress-nginx-controller-compatpkg:apk/chainguard/ingress-nginx-controller-compat-1.9pkg:apk/chainguard/ingress-nginx-controller-compat-fips-1.9pkg:apk/chainguard/ingress-nginx-controller-fipspkg:apk/chainguard/ingress-nginx-controller-fips-1.9pkg:apk/chainguard/ingress-nginx-controller-fips-compatpkg:apk/chainguard/kube-webhook-certgenpkg:apk/chainguard/kube-webhook-certgen-1.9pkg:apk/chainguard/kube-webhook-certgen-fipspkg:apk/chainguard/kube-webhook-certgen-fips-1.9pkg:apk/wolfi/ingress-nginx-controllerpkg:apk/wolfi/ingress-nginx-controller-compatpkg:apk/wolfi/kube-webhook-certgenpkg:golang/k8s.io/ingress-nginx
< 0+ 15 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.5
- Kubernetes/k8s.gcr.io/defaultbackendv5Range: defaultbackend
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-p3x5-5xpx-9phmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1002104ghsaADVISORY
- github.com/kubernetes/ingress-nginx/commit/d487a50e399100ad8db12ed1d2f92271f311f676ghsaWEB
- github.com/kubernetes/ingress-nginx/issues/1733ghsaWEB
- github.com/kubernetes/ingress-nginx/pull/3125ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.