From 8833234d45540fcb414b3c83606859d8cebf7063 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Mon, 8 Oct 2018 22:53:35 -0400
Subject: [PATCH] CVE-2018-1002103
---
2018/1002xxx/CVE-2018-1002103.json | 87 ++++++++++++++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 2018/1002xxx/CVE-2018-1002103.json
diff --git a/2018/1002xxx/CVE-2018-1002103.json b/2018/1002xxx/CVE-2018-1002103.json
new file mode 100644
index 00000000000..b6ef65da327
--- /dev/null
+++ b/2018/1002xxx/CVE-2018-1002103.json
@@ -0,0 +1,87 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "jordan@liggitt.net",
+ "DATE_ASSIGNED": "2018-10-03",
+ "ID": "CVE-2018-1002103",
+ "STATE": "PUBLIC"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Minikube",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "v0.3.0"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "v0.30.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Kubernetes"
+ }
+ ]
+ }
+ },
+ "credit": [
+ "Reported by Alex Kaskasoli"
+ ],
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/kubernetes/minikube/issues/3208",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/kubernetes/minikube/issues/3208"
+ }
+ ]
+ }
+}
\ No newline at end of file
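Review bot: The `problemtype` value `"Improper Input Validation"` is generic and carries no CWE identifier, so the record does not tell a defender which check was missing; the description attributes the issue to DNS rebinding against the Dashboard exposed on the VM IP at port 30000. Consider `"value": "CWE-20: Improper Input Validation"` at minimum, or a more specific weakness if the linked issue supports one. In the `description` value, the clause `, create a new Kubernetes Deployment running arbitrary code` is missing a conjunction; `and create a new Kubernetes Deployment running arbitrary code` reads more clearly. `availabilityImpact` is `NONE` although the description reports arbitrary code running in a Deployment, so the vector may be worth re-checking before publication.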