Описание
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
Отчет
This issue did not affect the versions of heketi shipped with 'Red Hat Gluster Storage 3' as it does not ship kubernetes dashboard.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Storage 3 | heketi | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-305
https://bugzilla.redhat.com/show_bug.cgi?id=1663128dashboard: Authentication bypass resulting in information exposure
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
около 7 лет назад
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
CVSS3: 7.5
github
больше 3 лет назад
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
6.5 Medium
CVSS3