Описание
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-18264
- https://github.com/kubernetes/dashboard/pull/3289
- https://github.com/kubernetes/dashboard/pull/3400
- https://github.com/kubernetes/dashboard/releases/tag/v1.10.1
- https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI
- https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard
- http://www.securityfocus.com/bid/106493
Связанные уязвимости
CVSS3: 6.5
redhat
больше 7 лет назад
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
CVSS3: 7.5
nvd
около 7 лет назад
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.