CVE-2023-1174

Summary

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.

Affected Software

VendorProductVersion RangeStatus
Kubernetesminikube1.26.0 < unspecifiedaffected
Kubernetesminikubeunspecified <= 1.28.0affected

Weaknesses

  • CWE-266: CWE-266 Incorrect Privilege Assignment

Workarounds

To continue using an existing cluster, change the default port mappings of the minikube container and restart the docker daemon -

docker run -v /var/lib/docker:/var/lib/docker -e MINIKUBE_CONTAINER_ID="$(docker ps –no-trunc -aqf 'name=^minikube$')" -it –entrypoint /bin/sh alpine sed -i 's/0.0.0.0/127.0.0.1/g' /var/lib/docker/containers/$MINIKUBE_CONTAINER_ID/config.v2.json

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References