Описание
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.10.1 (исключая)
cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.9085
Критический
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 6.5
redhat
больше 7 лет назад
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
CVSS3: 7.5
github
больше 3 лет назад
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
EPSS
Процентиль: 100%
0.9085
Критический
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306