Lucene search

KubernetesCVELIST:CVE-2023-1174

HistoryMay 24, 2023 - 12:00 a.m.

CVE-2023-1174 [minikube] Network Port exposure in minikube running on macOS using Docker driver

2023-05-2400:00:00

CWE-266

kubernetes

www.cve.org

cve-2023-1174

minikube

network port

macos

docker driver

vulnerability

remote access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

54.2%

JSON

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.

CNA Affected

[
  {
    "vendor": "Kubernetes",
    "product": "minikube",
    "versions": [
      {
        "version": "1.26.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "1.28.0",
        "status": "affected",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "macOS"
    ]
  }
]

References

groups.google.com/g/kubernetes-security-announce/c/2ZkJFMDTKbM

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

54.2%

JSON

Related for CVELIST:CVE-2023-1174