|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-02-19 | |
| Rule Name: | Kubernetes Dashboard Authentication Bypass Information Disclosure (CVE-2018-18264) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:106493 https://github.com/kubernetes/dashboard/pull/3289 https://github.com/kubernetes/dashboard/pull/3400 https://github.com/kubernetes/dashboard/releases/tag/v1.10.1 |
|
| Solutions |
|---|
| Upgrading to version 1.10.1 eliminates this vulnerability. |