# [MED] Critical Arbitrary Code Execution Vulnerability Found in Kubernetes

**Source:** Snyk
**Published:** 2018-12-20
**Article:** https://snyk.io/blog/critical-arbitrary-code-execution-vulnerability-found-in-kubernetes/

## Threat Profile

Snyk Blog In this article
Written by Liran Tal 
December 20, 2018
0 mins read On December 3rd 2018, a severe vulnerability was disclosed to the kubernetes community, which marks the first critical CVE found on the kubernetes project (based on a CVSS v3 score).
Patched versions were released and made available for end users and cloud providers. Make sure you upgrade to a fixed version, if you haven’t done so already. We suggest the following patched releases: v1.10.11, v1.11.5, v1.12.3, and v1.13…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2018-1002105`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2018-1002105`


## Why this matters

Severity classified as **MED** based on: CVE present, 1 use case(s) fired, 1 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.