{"containers":{"cna":{"affected":[{"product":"k8s.gcr.io/defaultbackend","vendor":"Kubernetes","versions":[{"lessThan":"1.5","status":"affected","version":"defaultbackend","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Alexandre Malucelli"}],"datePublic":"2018-09-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-215","description":"CWE-215 Information Exposure Through Debug Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-01-14T20:15:17.000Z","orgId":"a6081bf6-c852-4425-ad4f-a67919267565","shortName":"kubernetes"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/kubernetes/ingress-nginx/pull/3125"}],"source":{"defect":["https://github.com/kubernetes/ingress-nginx/issues/1733"],"discovery":"USER"},"workarounds":[{"lang":"en","value":"Mask the /metrics endpoint with an Ingress rule so that metrics aren't exposed publicly. \nSee https://github.com/kubernetes/ingress-nginx/issues/1733#issuecomment-358492359"}],"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@kubernetes.io","DATE_PUBLIC":"2018-09-25","ID":"CVE-2018-1002104","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"k8s.gcr.io/defaultbackend","version":{"version_data":[{"version_affected":"<","version_name":"defaultbackend","version_value":"1.5"}]}}]},"vendor_name":"Kubernetes"}]}},"credit":[{"lang":"eng","value":"Alexandre Malucelli"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-215 Information Exposure Through Debug Information"}]}]},"references":{"reference_data":[{"name":"https://github.com/kubernetes/ingress-nginx/pull/3125","refsource":"CONFIRM","url":"https://github.com/kubernetes/ingress-nginx/pull/3125"}]},"source":{"defect":["https://github.com/kubernetes/ingress-nginx/issues/1733"],"discovery":"USER"},"work_around":[{"lang":"en","value":"Mask the /metrics endpoint with an Ingress rule so that metrics aren't exposed publicly. \nSee https://github.com/kubernetes/ingress-nginx/issues/1733#issuecomment-358492359"}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T12:47:56.919Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/kubernetes/ingress-nginx/pull/3125"}]}]},"cveMetadata":{"assignerOrgId":"a6081bf6-c852-4425-ad4f-a67919267565","assignerShortName":"kubernetes","cveId":"CVE-2018-1002104","datePublished":"2020-01-14T20:15:17.491Z","dateReserved":"2018-12-05T00:00:00.000Z","dateUpdated":"2024-09-16T21:07:22.919Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}