CVE-2018-1002105

This Python script exploits CVE-2018-1002105, an unauthenticated API access vulnerability in Kubernetes. It sends crafted HTTP requests in two stages to bypass authentication and access restricted API endpoints, potentially leading to information disclosure or further exploitation.

This Python script exploits CVE-2018-1002105, a vulnerability in Kubernetes that allows privilege escalation via improper handling of JWT tokens. It performs a two-stage attack to execute commands on a privileged pod by leveraging access to a less privileged pod.

This repository contains a proof-of-concept exploit for CVE-2018-1002105, a Kubernetes API server vulnerability. It includes both authenticated and unauthenticated PoCs for privilege escalation and remote code execution via pod exec/attach/portforward methods.

This repository contains a scanner tool to detect CVE-2018-1002105, a Kubernetes API server vulnerability related to WebSocket upgrade security. It checks for unauthenticated access and privilege escalation indicators.

This repository provides a set of scripts for automating the installation of Kubernetes 1.12.3 with Dashboard 1.8.3 on CentOS 7, specifically configured to avoid CVE-2018-1002105. It includes scripts for master node initialization, node joining, and additional component installations like Harbor and NGINX Ingress Controller.

This repository contains a functional proof-of-concept exploit for CVE-2018-1002105, which targets Kubernetes API servers. The exploit leverages pod exec privileges to dump secrets from the etcd database by establishing a connection to the API server and executing crafted requests.

This PoC exploits CVE-2018-1002105, a Kubernetes API server vulnerability allowing unauthorized access to admin-level API endpoints. It demonstrates command execution via upgraded connections (exec/attach/portforward) using a valid JWT token.

This repository contains a Go-based PoC for CVE-2018-1002105, a Kubernetes API server vulnerability allowing privilege escalation via websocket upgrade security flaws. The PoC tests for unauthenticated access and privilege escalation by executing commands in a pod.